guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LUKS2 support in Guix

From: Fabio Natali
Subject: LUKS2 support in Guix
Date: Fri, 01 Mar 2024 09:08:21 +0000 
Hi 👋,

I wasn't able to use a LUKS2+PBKDF2 encrypted partition when setting up
a machine recently. I understand this isn't supported by the version of
GRUB currently shipped in Guix.

Basically, with a LUKS2+PBKDF2 drive, you get stuck at boot with no
chance for GRUB to detect the relevant partitions. Or, at least, that
was my experience with that setup.

The Guix manual would indicate that LUKS2 is actually supported, when
used in combination with PBKDF2⁰:

> Note that GRUB can unlock LUKS2 devices since version 2.06, but only
> supports the PBKDF2 key derivation function, which is not the default
> for cryptsetup luksFormat. You can check which key derivation function
> is being used by a device by running cryptsetup luksDump device, and
> looking for the PBKDF field of your keyslots.

If I'm right in thinking that LUKS2+PBKDF2 is not supported and there's
no clear timeline for a fix yet, could it be worth to amend the manual
to say that it has to be LUKS1 at this stage?

Glad to amend the manual in case, but I might as well be missing
something here, so I wanted to check with you first.

Thanks, best wishes, Fabio.


⁰ 
https://guix.gnu.org/manual/devel/en/html_node/Keyboard-Layout-and-Networking-and-Partitioning.html#Disk-Partitioning


-- 
Fabio Natali
https://fabionatali.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]