------- Comment From mihaj...@de.ibm.com 2020-10-29 09:59 EDT------- With 2G, the crashkernel reservation will be 320K, which will not suffice to unlock the LUKS volume when processing kdump. The installation was done using 2G. Changing the VM size to 4+G will reserve 512K, and with this size kdump is working. I agree that 512K out of 2G is probably on the brink of too much.
As I said, a warning could be emitted that crashkernel < 512k will not allow to unlock a LUKS volume (at least if argon2i is used as PBKDF). Below is the luksDump output LUKS header information Version: 2 Epoch: 4 Metadata area: 16384 [bytes] Keyslots area: 16744448 [bytes] UUID: ac7595b4-0b0f-45ef-b745-c6f571876158 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: 0: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2i Time cost: 4 Memory: 270246 Threads: 1 Salt: 38 7f 60 45 c6 57 26 50 72 7a a7 e3 18 59 24 24 58 7a 9b 95 dd 87 3c 19 43 88 1e 5b 98 35 fd 3d AF stripes: 4000 AF hash: sha256 Area offset:32768 [bytes] Area length:258048 [bytes] Digest ID: 0 1: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2i Time cost: 4 Memory: 235479 Threads: 1 Salt: 02 b8 0a f3 7e 0b 1c 23 77 9b 0e b0 19 c8 69 b4 bb 0c 3c 1e fd f9 24 7d 8a bf 6e 64 3b 17 79 31 AF stripes: 4000 AF hash: sha256 Area offset:290816 [bytes] Area length:258048 [bytes] Digest ID: 0 Tokens: Digests: 0: pbkdf2 Hash: sha256 Iterations: 142469 Salt: 62 73 02 e9 44 09 b0 44 0c 87 33 d4 8f 68 5e f7 3c f6 a5 68 5a 8f b6 2d a6 35 9c 02 9c ba c0 76 Digest: df 1a 9f 29 0e 2f 25 87 5f 11 11 c7 01 85 fd 2e e6 6a 98 65 bd b5 54 77 29 2d c5 b3 12 48 67 a1 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to makedumpfile in Ubuntu. https://bugs.launchpad.net/bugs/1877533 Title: [20.10 FEAT] Increase the crashkernel setting if the root volume is luks2-encrypted Status in Ubuntu on IBM z Systems: In Progress Status in linux package in Ubuntu: Invalid Status in makedumpfile package in Ubuntu: In Progress Status in linux source package in Focal: Invalid Status in makedumpfile source package in Focal: In Progress Status in linux source package in Groovy: Invalid Status in makedumpfile source package in Groovy: In Progress Bug description: Description: In case the volume containing the root filesystem is encrypted using LUKS2 the memory used while unlocking the volume may exceed the size allocated to the kdump kernel. This will lead to a failure while processing kdump and the dump file will not be stored. Unfortunately, this condition may not be detected by a client before a problem occurs. The request is to have the kdump package installation script check for LUKS2 encryption (more precisely for Argon2i PBKDF, which is the root cause of the high memory usage). If the condition is met, the installation procedure should increase the crashkernel parameter to a higher value (>=512M)or issue a warning, if the system memory is insufficient to reserve enough crashkernel memory. Business Case: Pervasive Encryption and Secure Execution require encryption of the filesystems in order to keep customer data secure at all times. With the increasing usage of these technologies, the number of kdump will rise too, typically at inconvenient times, when the kdump is triggered due to a real customer issue. With the suggested change, the number of customer complaints and effort to handle them will be reduced. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1877533/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
