Subject: [bug#38826] doc: Mention no LUKS2 for luks-device-mapping
From: David Trudgian
To: Tobias Geerinckx-Rice
Cc: David Trudgian, Danny Milosavljevic, 38826@debbugs.gnu.org
Date: Thu, 02 Jan 2020 19:56:33 -0600
In-reply-to: <87png18o7d.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Hi Danny, Tobias,

>>> A mention LUKS2 is not supported in the docs might be nice.
>>
>> I agree.
>
> Same. Would you consider submitting a patch, David? Or writing the
> text?

My original email had a patch attached (or should have). Apologies -
there was no [PATCH] on the subject. Attaching here in case.

>> But better yet would be to implement LUKS2 in the uuid code.

I intend to take a look at this when I get time in the next week or so.

> Has LUKS2 support[0] been added to GRUB yet? Last I checked it
> hadn't.

I don't believe GRUB has LUKS2 support for booting from an encrypted
partition merged yet. The last I saw there was a patch for LUKS2 but it
didn't support the Argon 2i PBKDF which is the default you get when you
use LUKS2 in distros where a separate `/boot` is kept unencrypted, so it
wouldn't be useful yet.

It would still be good to be able to boot from LUKS1 but mount non-boot
LUKS2 partitions, so people like me coming from other distros can mount
their encrypted `/home` or similar without having to convert to LUKS1.

I have actually converted to LUKS1, which requires converting the key to
pbkdf2 first...

    cryptsetup luksConvertKey --pbkdf=pbkdf2 /dev/sdc1
    cryptsetup convert /dev/sdc1 --type luks1

...but I can easily create LUKS2 things to work on the UUID code.

Cheers,

DT

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-Mention-no-LUKS2-in-luks-device-mapping-doc.patch

>From 97ed4c1859e797adf4ba813ac7db3d1b8261a569 Mon Sep 17 00:00:00 2001 From: David Trudgian Date: Mon, 30 Dec 2019 21:37:35 -0600 Subject: [PATCH] Mention no LUKS2 in luks-device-mapping doc --- doc/guix.texi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 70e3dfea6a..232d99d508 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -69,6 +69,7 @@ Copyright @copyright{} 2019 Jakob L. Kreuze@* Copyright @copyright{} 2019 Kyle Andrews@* Copyright @copyright{} 2019 Alex Griffin@* Copyright @copyright{} 2019 Guillaume Le Vaillant@* +Copyright @copyright{} 2019 David C. Trudgian@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -11470,6 +11471,10 @@ This must be a @code{mapped-device-kind} object, which specifies how This defines LUKS block device encryption using the @command{cryptsetup} command from the package with the same name. It relies on the @code{dm-crypt} Linux kernel module. + +Note that currently only LUKS1 encrypted devices are supported. Existing +LUKS2 devices can be opened and mounted after boot, using +@code{cryptsetup luksOpen}. @end defvr @defvr {Scheme Variable} raid-device-mapping -- 2.24.1 --=-=-=--
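
Review bot: In the second hunk of doc/guix.texi (the luks-device-mapping entry), the added note marks up the invocation as @code{cryptsetup luksOpen}, while the context line directly above it uses @command{cryptsetup}; writing @command{cryptsetup luksOpen} would keep the markup consistent within the same @defvr. "LUKS1 encrypted devices" also reads better hyphenated as "LUKS1-encrypted devices". Since the note says "currently", it would help to state what the reader should do with an existing LUKS2 device in a system declaration, for example that it should be left out of the mapped devices and opened by hand after boot, so the restriction and the workaround are tied together in one sentence.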
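
To see which format a device uses before relying on the mapping discussed in this thread, the version can be read directly from the header. This is an added example, not code from the thread or from Guix; the field offsets (magic at 0, big-endian version at 6, 40-byte UUID at 168) come from the LUKS1 and LUKS2 on-disk format specifications, and the function names and sample UUIDs are made up here.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"      # primary header magic, shared by LUKS1 and LUKS2
UUID_OFFSET, UUID_LEN = 168, 40   # UUID field sits at the same place in both formats


def luks_info(header: bytes):
    """Return (version, uuid) for a LUKS primary header, or None if it is not LUKS."""
    if len(header) < UUID_OFFSET + UUID_LEN or header[:6] != LUKS_MAGIC:
        return None
    (version,) = struct.unpack_from(">H", header, 6)   # big-endian uint16
    if version not in (1, 2):
        return None
    raw = header[UUID_OFFSET:UUID_OFFSET + UUID_LEN]
    # The UUID is a NUL-padded ASCII string.
    uuid = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return version, uuid


def read_luks_info(path: str):
    """Read the first 208 bytes of a device or image file and classify it."""
    with open(path, "rb") as f:
        return luks_info(f.read(UUID_OFFSET + UUID_LEN))


def make_header(version: int, uuid: str) -> bytes:
    """Constructed sample header: only magic, version and UUID are filled in."""
    hdr = bytearray(UUID_OFFSET + UUID_LEN)
    hdr[:6] = LUKS_MAGIC
    struct.pack_into(">H", hdr, 6, version)
    hdr[UUID_OFFSET:UUID_OFFSET + len(uuid)] = uuid.encode("ascii")
    return bytes(hdr)


if __name__ == "__main__":
    # Constructed UUIDs, not taken from any real device.
    for v, u in [(1, "11111111-2222-3333-4444-555555555555"),
                 (2, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")]:
        print(luks_info(make_header(v, u)))
    print(luks_info(b"\0" * 512))   # not a LUKS header
```

Reading a real block device with `read_luks_info` needs read permission on the device node; it only reads the first 208 bytes and never writes.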