[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#38826] doc: Mention no LUKS2 for luks-device-mapping
From: |
David Trudgian |
Subject: |
[bug#38826] doc: Mention no LUKS2 for luks-device-mapping |
Date: |
Thu, 02 Jan 2020 19:56:33 -0600 |
User-agent: |
mu4e 1.2.0; emacs 26.3 |
Hi Danny, Tobias,
>>> A mention LUKS2 is not supported in the docs might be nice.
>>
>> I agree.
>
> Same. Would you consider submitting a patch, David? Or writing the
> text?
My original email had a patch attached (or should have). Apologies -
there was no [PATCH] on the subject. Attaching here in case.
>> But better yet would be to implement LUKS2 in the uuid code.
I intend to take a look at this when I get time in the next week or so.
> Has LUKS2 support[0] been added to GRUB yet? Last I checked it
> hadn't.
I don't believe GRUB has LUKS2 support for booting from an encrypted
partition merged yet. The last I saw there was a patch for LUKS2 but it
didn't support the Argon 2i PBKDF which is the default you get when you
use LUKS2 in distros where a separate `/boot` is kept unencrypted, so it
wouldn't be useful yet.
It would still be good to be able to boot from LUKS1 but mount non-boot
LUKS2 partitions, so people like me coming from other distros can mount
their encrypted `/home` or similar without having to convert to LUKS1.
I have actually converted to LUKS1, which requires converting the key to
pbkdf2 first...
cryptsetup luksConvertKey --pbkdf=pbkdf2 /dev/sdc1
cryptsetup convert /dev/sdc1 --type luks1
...but I can easily create LUKS2 things to work on the UUID code.
Cheers,
DT
0001-Mention-no-LUKS2-in-luks-device-mapping-doc.patch
Description: Text Data