Hi Danny, Tobias,

>>> A mention LUKS2 is not supported in the docs might be nice.
>>
>> I agree.
>
> Same.  Would you consider submitting a patch, David?  Or writing the
> text?

My original email had a patch attached (or should have). Apologies -
there was no [PATCH] on the subject. Attaching here in case.

>> But better yet would be to implement LUKS2 in the uuid code.

I intend to take a look at this when I get time in the next week or so.

> Has LUKS2 support[0] been added to GRUB yet?  Last I checked it
> hadn't.

I don't believe GRUB has LUKS2 support for booting from an encrypted
partition merged yet. The last I saw there was a patch for LUKS2 but it
didn't support the Argon 2i PBKDF which is the default you get when you
use LUKS2 in distros where a separate `/boot` is kept unencrypted, so it
wouldn't be useful yet.

It would still be good to be able to boot from LUKS1 but mount non-boot
LUKS2 partitions, so people like me coming from other distros can mount
their encrypted `/home` or similar without having to convert to LUKS1.

I have actually converted to LUKS1, which requires converting the key to
pbkdf2 first...

cryptsetup luksConvertKey --pbkdf=pbkdf2 /dev/sdc1
cryptsetup convert /dev/sdc1 --type luks1

...but I can easily create LUKS2 things to work on the UUID code.

Cheers,

DT