LUKS2 RFE: provide optional switch to serialize usage of memory hard functions in a system
During system boot involving many LUKS2 devices (with Argon2 enabled keyslots), there's risk of overall boot failure with hard to debug OOM events:
Example case: system has 2GB of memory in total, we have 3 or more LUKS2 devices created with default pbkdf keyslot parameters (Argon2 for LUKS2 format). Each LUKS2 devices requires ~1GB of memory to unlock a keyslot successfully. If cryptsetup open (or systemd-cryptsetup equivalent) commands are run sequentially there's low risk for oom event to happen. If we invoke all unlock commands in parallel one or more (or all of them) can get terminated by oom killer.
This is hard to debug especially in situation where we fail to mount rootfs due to it and we have (under such memory pressure) no spare space for system logs (syslog or journald gets killed often in the process as well) to store it.
We'll provide optional activation flag enabling all processes (using libcryptsetup) to serialize usage of memory hard functions in the system. The serialization point shall be lock placed in cryptsetup locking directory.
cryptsetup CLI will ignore the flag unless requested explicitly by the user.