14

How does bit rot affect a LUKS container and the filesystem inside?

Suppose you have a filesystem that is well suited to deal with bit rot. Now put it inside a LUKS container. In case bit rot corrupted the container, I assume the decrypted filesystem will suffer huge amounts of corrupted raw bytes / blocks.

How does LUKS protect against this?

Improve this question
1
  • If the filesystem itself is actually designed to properly handle bitrot (IOW, it’s something like ZFS or BTRFS), then it doesn’t matter how LUKS handles things, because the filesystem will handle either of the possible ways LUKS could handle it (a read error or bogus data). Commented Dec 28, 2021 at 14:06

2 Answers 2

Reset to default
18

Bitrot in the LUKS header (key and otherwise critical material): it's *poof* gone.

(There is a bit of redundancy and checksum for the LUKS2 header but it doesn't cover much, so chances are... it's still gone).

Bitrot in encrypted data: it depends on the encryption mode, but in general, a single bit flip will result in 16 wrong bytes.

Set up encryption:

# truncate -s 32M bitrottest.img
# cryptsetup luksFormat bitrottest.img
# cryptsetup luksOpen bitrottest.img bitrottest

Make it all zero:

# shred -n 0 -z /dev/mapper/bitrottest 
# hexdump -C /dev/mapper/bitrottest 
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
01000000

Flip a bit:

# losetup
NAME       SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE           DIO LOG-SEC
/dev/loop0         0      0         1  0 bitrottest.img        0    4096
# dd bs=1 count=1 skip=30M if=/dev/loop0 | hexdump -C
00000000  a2                                                |.|
00000001
# printf "\xa3" | dd bs=1 count=1 seek=30M of=/dev/loop0
# dd bs=1 count=1 skip=30M if=/dev/loop0 | hexdump -C
00000000  a3                                                |.|
00000001

Result:

# hexdump -C /dev/mapper/bitrottest 
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00e00000  eb d1 bd b0 2a f5 77 73  35 df 82 40 1e a7 27 11  |....*.ws5..@..'.|
00e00010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
01000000

One flipped bit, 16 whacky bytes.

Protection? None whatsoever. For that, you'd have to add integrity (just to report errors, redundancy is still a separate issue from that).

You are not supposed to deliberately write corrupt data to your storage.

Storage is supposed to report read errors instead of returning bogus data. In that case your data is still gone, but at least, it's not silent bitrot.

Improve this answer
1
  • Does BTRFS protect against a 16 whacky bytes? Commented Dec 30, 2021 at 18:32
7

LUKS itself doesn't protect against bit rot. If you want protection against bit rot on the block device level you need DM integrity. LUKS 2 can be combined with integrity to get authenticated encryption (cryptsetup luksFormat with --integrity) and with that system will be able to detect that the data changed, but that isn't really helpful against bit rot -- the sector will simply give you IO error if you try to read it and doesn't know how to fix it. (The point of AEAD is to detect that someone changed the encrypted data.)

To actually fix the data you'll need RAID 1 and the standalone integrity device under the RAID legs to make self healing possible (this works automatically, RAID gets IO error from one leg, reads the data from the other one and fixes (tries to) the first one). The new systemd 250 added support for assembling integrity devices during boot via /etc/integritytab (for non-root filesystems) so you can try that. But this all needs to be done "under" the LUKS level to make it work as @frostschutz showed in his answer because the error needs to be fixed in the encrypted data.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.