linux – AES-256 ESSIV in dm-crypt

I am playing around with disk encryption. https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMCrypt#iv-generators says:

essiv: "encrypted sector|salt initial vector", the sector number is encrypted with the bulk cipher using a salt as key.
The salt is derived from the bulk cipher's key via hashing.
Note that while the cipher algorithm is always as the same as the algorithm used for data encryption,   its key size depends on used hash algorithm.
In other words, while data encryption can use AES-128, the ESSIV calculation with SHA256 will use AES-256.
ESSIV takes hash algorithm as an option, so the format is essiv:hash, e.g. essiv:sha256.
Available since: 1.1.0 (kernel 2.6.10)

The way I see it, I hash original KEY (32B), use this hash as key for bulk cipher (?) and encrypt sector number (8B) with it: result is used as IV for AES-256.

Now, do you have any idea which bulk cipher is it about? And what about its IV? I can’t find anything about it in code: https://elixir.bootlin.com/linux/v3.10/source/drivers/md/dm-crypt.c#L256. Thanks.

partitioning – How to install Ubuntu on an encrypted, error-correcting RAID 1 device with dm-crypt?

I would like to install Ubuntu on a two-disk RAID 1 with dm-integrity and LUKS2-encryption.

Unfortunately, neither Ubiquiti, nor the textmode-installer offer such a solution.

However, this seems simple enough to execute: Formatting both drives with “physical partitions for encryption” in gparted and then calling cryptsetup luksFormat --type luks2 --integrity sha256 <device> for either drive as a basis to create the RAID device, LVM and filesystem on top of in the manual installer.

Is there anything that needs to be considered with this approach? Does Ubuntu demand certain LUKS-parameters or is something particularly advisable to use for this purpose?

Do the devices need to be “opened” in any particular way before launching the installer and/or do they have to be added manually to a file to be decrypted at boot? Is the --integrity function used automatically?

Is this even the best approach or is there another way to accomplish this? (Excluding the usage of Btrfs/ZFS filesystems)

And, a related side-question, would the Btrfs-filesystem be of any additional value regarding data integrity in this scenario, rather than Ext4, even though its RAID-functions are not used?

zfs: full disk encryption with dm-crypt that requires a key file and password?

I am currently installing Arch Linux on ZFS on a dm-crypt (completely) encrypted drive, using the very useful Arch Linux wiki pages on the subject:

Encryption of a complete disk: dm-crypt simple

Installation of Arch Linux on ZFS

In summary, this system must be inaccessible without a USB, which contains both the bootloader (GRUB) and the key file in separate partitions. My question is: would it also be possible to require a password? in addition to the key file, how is it possible in geli? And what GRUB parameters should be added to affect this change?

I am not sure if it is important, but I must keep in mind that I am not using LVM as suggested in the first link tutorial, and I am only having the entire system in a ZFS group on the fully encrypted disk (for example, group from ZFS zroot in /dev/mapper/archbox_crypt)

Thanks in advance for any information you can offer about my puzzle.