From 5fc2cfb675580cecc7e583c7c6a7fb767b4507de Mon Sep 17 00:00:00 2001
From: Vojtech Trefny
Date: Mon, 10 Mar 2025 09:52:27 +0100
Subject: [PATCH 1/2] Set persitent allow-discards flag for newly created LUKS devices

We are currently using the "allow-discards" in /etc/crypttab to set the discards/fstrim feature for LUKS, but that doesn't work for Fedora Silverblue so we need to set the persistent flag in the LUKS header instead.
Resolves: RHEL-82884
---
 blivet/formats/luks.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/blivet/formats/luks.py b/blivet/formats/luks.py
index 92c2f0bd7..151ca985a 100644
--- a/blivet/formats/luks.py
+++ b/blivet/formats/luks.py
@@ -364,6 +364,15 @@ def _create(self, **kwargs):
 def _post_create(self, **kwargs):
 super(LUKS, self)._post_create(**kwargs)
+ if self.luks_version == "luks2" and flags.discard_new:
+ try:
+ blockdev.crypto.luks_set_persistent_flags(self.device,
+ blockdev.CryptoLUKSPersistentFlags.ALLOW_DISCARDS)
+ except blockdev.CryptoError as e:
+ raise LUKSError("Failed to set allow discards flag for newly created LUKS format: %s" % str(e))
+ except AttributeError:
+ log.warning("Cannot set allow discards flag: not supported")
+
 try:
 info = blockdev.crypto.luks_info(self.device)
 except blockdev.CryptoError as e:

From 8312a8cb8a4f78529174031214d3cc137c503fbc Mon Sep 17 00:00:00 2001
From: Vojtech Trefny
Date: Wed, 12 Mar 2025 11:08:00 +0100
Subject: [PATCH 2/2] Add a simple test for setting the allow-discards flag on LUKS

---
 tests/unit_tests/formats_tests/luks_test.py | 30 ++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/tests/unit_tests/formats_tests/luks_test.py b/tests/unit_tests/formats_tests/luks_test.py
index d4322f118..70baf8f7b 100644
--- a/tests/unit_tests/formats_tests/luks_test.py
+++ b/tests/unit_tests/formats_tests/luks_test.py
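Review bot: In the block added to `_post_create` in blivet/formats/luks.py, `except AttributeError` covers the whole `luks_set_persistent_flags` call, so an AttributeError raised for any other reason inside that `try` is also logged as "not supported" and the device is created without the flag the caller asked for. Checking for the API up front, e.g. `if not hasattr(blockdev.crypto, "luks_set_persistent_flags"):` followed by the existing warning, would leave the `try` handling only `blockdev.CryptoError`. Because the flag is written to the LUKS2 header it applies on every activation regardless of /etc/crypttab, and discards reveal which blocks are unused to anyone able to read the underlying device, so a comment such as `# persistent allow-discards: trades some confidentiality (used-block pattern) for TRIM; only set when flags.discard_new is enabled` would document that this is opt-in. `_post_create` continues past the end of the hunk.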
@@ -18,8 +18,17 @@ def test_create_discard_option(self):
 fmt = LUKS(exists=True)
 self.assertEqual(fmt.options, None)
+ fmt = LUKS(passphrase="passphrase")
+ with patch("blivet.devicelibs.crypto.calculate_luks2_max_memory", return_value=None):
+ with patch("blivet.devicelibs.crypto.get_optimal_luks_sector_size", return_value=0):
+ with patch("blivet.formats.luks.blockdev") as bd:
+ fmt._create()
+ bd.crypto.luks_format.assert_called()
+ fmt._post_create()
+ bd.crypto.luks_set_persistent_flags.assert_not_called()
+
 # flags.discard_new=True --> discard if creating new
- with patch("blivet.flags.flags.discard_new", True):
+ with patch("blivet.formats.luks.flags.discard_new", True):
 fmt = LUKS(exists=True)
 self.assertEqual(fmt.options, None)
@@ -34,6 +43,25 @@ def test_create_discard_option(self):
 fmt = LUKS(exists=False, options="blah")
 self.assertEqual(fmt.options, "blah,discard")
+ fmt = LUKS(passphrase="passphrase")
+ with patch("blivet.devicelibs.crypto.calculate_luks2_max_memory", return_value=None):
+ with patch("blivet.devicelibs.crypto.get_optimal_luks_sector_size", return_value=0):
+ with patch("blivet.formats.luks.blockdev") as bd:
+ fmt._create()
+ bd.crypto.luks_format.assert_called()
+ fmt._post_create()
+ bd.crypto.luks_set_persistent_flags.assert_called()
+
+ # LUKS 1 doesn't support the persistent flags
+ fmt = LUKS(passphrase="passphrase", luks_version="luks1")
+ with patch("blivet.devicelibs.crypto.calculate_luks2_max_memory", return_value=None):
+ with patch("blivet.devicelibs.crypto.get_optimal_luks_sector_size", return_value=0):
+ with patch("blivet.formats.luks.blockdev") as bd:
+ fmt._create()
+ bd.crypto.luks_format.assert_called()
+ fmt._post_create()
+ bd.crypto.luks_set_persistent_flags.assert_not_called()
+
 def test_key_size(self):
 # default cipher is AES-XTS with 512b key
 fmt = LUKS()
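Review bot: In the second hunk of luks_test.py (`@@ -34,6 +43,25 @@`), the positive case only checks `bd.crypto.luks_set_persistent_flags.assert_called()`, and since `blockdev` is replaced by a mock, any device or flag argument would pass. Pinning the arguments, e.g. `bd.crypto.luks_set_persistent_flags.assert_called_once_with(fmt.device, bd.CryptoLUKSPersistentFlags.ALLOW_DISCARDS)`, would catch a regression that sets a different persistent flag. The two error branches of the new code in `_post_create` (CryptoError re-raised as LUKSError, AttributeError logged as a warning) are not exercised by either hunk in this file. `test_create_discard_option` starts before the hunk.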