I am curious about the integrity of LUKS (that is, the ability to preserve data in the event of corruption on the disk or such).
Aside: I know that backups are a solution / requirement (and I have some (well, one, atm)), and I know that there is the ability to backup (and restore) the LUKS headers in particular, but my question is something like this: The question: Suppose disk corruption corrupts one block in the data storage area of a LUKS partition / filesystem (I'm not asking about corruption in the headers or some other area of "metadata"). In the case of one block of corruption in the data storage area: * can files in the LUKS partition other than the one with the one block corrupted be read correctly? * assuming the file with the corrupted block is bigger than one block, can the other parts of the file (not including the corrupted block) be read correctly? Something I don't know is whether LUKS does encryption separately for each block (or maybe for each file) or whether somehow the result of encryption is one big "lump" of data (all files intermixed in the filesystem) and if corruption of any individual block will render the entire filesystem unreadable. (As I write this, I'm tending to believe that it is the former, but curious minds want to know (and I think I have a life or two left ;-) .) I have done some googling on this, but haven't found the magic combination of keywords. Some of the searches I tried: * [LUKS partition zero before formatting] * [encrypted filesystem power loss] * [LUKS one block corrupted] More background: in searching to understand the reason for zeroing the LUKS partition before utilizing it (either before or after the luksFormat step) (which I now understand -- in short, it is to fill it with random data!), I found a recommendation: "Note that when the encryption is in use, we need to turn off write caching for our disk." I wanted to try to understand why write caching should be turned off, or if an encrypted filesystem is any more vulnerable to loss (corruption) of one block than a non-encrypted filesystem.
