On Thu, Feb 13, 2020 at 11:47:54AM +0000, Leif Lindholm wrote: > On Thu, Feb 06, 2020 at 15:27:29 +0100, Patrick Steinhardt wrote: > > By default, GRUB will allocate a quarter of the pages it got available > > in the EFI subsystem. On many current systems, this will amount to > > roughly 800MB of RAM assuming an address space of 32 bits. This is > > plenty for most use cases, but it doesn't suffice when using full disk > > encryption with a key derival function based on Argon2. > > > > Besides the usual iteration count known from PBKDF2, Argon2 introduces > > two additional parameters "memory" and "parallelism". While the latter > > doesn't really matter to us, the memory parameter is quite interesting. > > If encrypting a partition with LUKS2 using Argon2 as KDF, then > > cryptsetup will default to a memory parameter of 1GB. Meaning we need to > > allocate a buffer of 1GB in size in order to be able to derive the key, > > which definitely won't squeeze into the limit of 800MB. > > > > To prepare for Argon2, let's thus increase the default and make half of > > memory available, instead of a quarter only. This amounts to about > > 1600MB on above systems, which is sufficient for Argon2. > > I was never a huge fan of the "grab a percentage of RAM" in the first > place, and I think "grab twice that" is not the best solution here. > > (Real) corner cases that would be affected by this are: > 1) chainloading grub from grub > 2) OS loaders (loaded by GRUB) requiring large amounts of RAM before > ExitBootsevices(). > > If you have a known minimum requirement, can we work towards that > instead?
Quoting Milan from another mail in this thread: On Wed, Feb 12, 2020 at 08:18:32AM +0100, Milan Broz wrote: > Anyway, there are some limits in cryptsetup - we try to never use > more than half of physical memory and maximum is hard-compiled to 4GiB. > > (But physical memory limit applies when formatting device, then > is stored in the LUKS2 keyslot header. So if you format it on device with > much larger RAM and it is later not available, it fails to open. > It is more complicated though - we have benchmark during format that > prioritize > unlocking time, so PBKDF memory is usually decreased on low-memory systems > anyway.) As far as I can see, the default memory cost for Argon2 is 1,048,576kB, at least that is what "configure.ac" says for "luks2-memory-kb". That also matches my experience with cryptsetup 2.2.2. Patrick
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel