On Friday, July 29th, 2022 at 6:56 PM, brutser--- via Grub-devel <email@example.com> wrote:
testing detached header failed:
1. built grub payload with following modules: ahci
usb_keyboard part_msdos part_gpt at_keyboard cbfs cryptodisk luks2 lvm
gcry_rijndael gcry_sha1 gcry_sha256 gcry_sha512
2. encrypt a partition: cryptsetup
luksFormat --type luks2 -q -h sha512 -s 512 --pbkdf pbkdf2 --header
/path/to/header --luks2-metadata-size=16k --luks2-keyslots-size=512k
(where --luks2-metadata-size=16k --luks2-keyslots-size=512k is optional, this is just to minimize header size, but I also tested without).
3. from the grub cmd, i try to decrypt this partition using: cryptomount -H /path/to/header (ahci0,msdos1)
4. I also tried luks1 encryption with detached header.
whatever I try, I always get the same error:
"no cryptodisk module can handle this device"
Is this feature not 100% implemented yet, I saw people already verifying the patches and would expect this to be working, so if yes, this seems like a bug.