From 64117fd3bf984fde2bb6d950180c1c7b93c8fb797a7d6a0580338d16858ad8e1 Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Fri, 5 Dec 2025 14:37:45 +0100 Subject: [PATCH] V8.13.544.2025.12.05 Signed-off-by: Marc S. Weidner --- .../live/zzzz_ciss_crypt_squash.hook.binary | 45 +++++++++++++++++-- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary b/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary index 242538d..821afe7 100644 --- a/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary +++ b/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary @@ -71,16 +71,17 @@ declare -i VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}") # - dm-integrity Overhead (Tags and Journal) # - Filesystem-Slack declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024)) -declare -i OVERHEAD_PCT=3 +declare -i OVERHEAD_PCT=10 declare -i ALIGN_BYTES=$(( 4096 * 1024 )) declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) )) declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES )) +declare -i rc= preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}" exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt" -cryptsetup luksFormat \ +if cryptsetup luksFormat \ --batch-mode \ --cipher aes-xts-plain64 \ --integrity hmac-sha512 \ @@ -91,11 +92,49 @@ cryptsetup luksFormat \ --luks2-keyslots-size 16777216 \ --luks2-metadata-size 4194304 \ --pbkdf argon2id \ - --sector-size 512 \ + --sector-size 4096 \ --type luks2 \ --use-random \ --verbose \ "${LUKSFS}" +then + + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 4096 ] successful. \e[0m\n" + +else + + printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 4096 ] failed. Trying [--sector-size 512]. \e[0m\n" + + if cryptsetup luksFormat \ + --batch-mode \ + --cipher aes-xts-plain64 \ + --integrity hmac-sha512 \ + --iter-time 1000 \ + --key-file "/proc/$$/fd/${KEYFD}" \ + --key-size 512 \ + --label crypt_liveiso \ + --luks2-keyslots-size 16777216 \ + --luks2-metadata-size 4194304 \ + --pbkdf argon2id \ + --sector-size 512 \ + --type luks2 \ + --use-random \ + --verbose \ + "${LUKSFS}" + then + + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 512 ] successful. \e[0m\n" + + else + + rc="$?" + exec {KEYFD}<&- + printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 512 ] failed. \e[0m\n" + exit "${rc}" + + fi + +fi cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso