From: Josselin Poiret via Guix-patches via <guix-patches@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Josselin Poiret <dev@jpoiret.xyz>, 51514@debbugs.gnu.org
Subject: [bug#51514] [PATCH v2 2/3] doc: Document LUKS2 GRUB support and shortcomings
Date: Mon, 15 Nov 2021 20:53:40 +0000 [thread overview]
Message-ID: <20211115205341.9724-3-dev@jpoiret.xyz> (raw)
In-Reply-To: <20211115205341.9724-1-dev@jpoiret.xyz>
* doc/guix.texi (Keyboard Layout, Networking, and Partitioning)[Disk
Partitioning]: Document it.
---
doc/guix.texi | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 1b10e2d626..95d286a836 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -98,6 +98,7 @@ Copyright @copyright{} 2021 pukkamustard@*
Copyright @copyright{} 2021 Alice Brenon@*
Copyright @copyright{} 2021 Andrew Tropin@*
Copyright @copyright{} 2021 Sarah Morgensen@*
+Copyright @copyright{} 2021 Josselin Poiret@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -2492,13 +2493,24 @@ mkfs.ext4 -L my-root /dev/sda2
If you are instead planning to encrypt the root partition, you can use
the Cryptsetup/LUKS utilities to do that (see @inlinefmtifelse{html,
@uref{https://linux.die.net/man/8/cryptsetup, @code{man cryptsetup}},
-@code{man cryptsetup}} for more information). Assuming you want to
-store the root partition on @file{/dev/sda2}, the command sequence would
-be along these lines:
+@code{man cryptsetup}} for more information).
+
+@quotation Warning
+Note that GRUB can unlock LUKS2 devices since version 2.06, but only
+supports the PBKDF2 key derivation function, which is not the default
+for @command{cryptsetup luksFormat}. You can check which key derivation
+function is being used by a device by running @command{cryptsetup
+luksDump @var{device}}, and looking for the PBKDF field of your
+keyslots.
+@end quotation
+
+Assuming you want to store the root partition on @file{/dev/sda2}, the
+command sequence to format it as a LUKS2 partition would be along these
+lines:
@example
-cryptsetup luksFormat /dev/sda2
-cryptsetup open --type luks /dev/sda2 my-partition
+cryptsetup luksFormat --type luks2 --pbkdf pbkdf2 /dev/sda2
+cryptsetup open /dev/sda2 my-partition
mkfs.ext4 -L my-root /dev/mapper/my-partition
@end example
--
2.33.1
next prev parent reply other threads:[~2021-11-15 20:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-30 15:56 [bug#51514] [PATCH 0/2] Add support for LUKS2 root partition Josselin Poiret via Guix-patches via
2021-10-30 16:12 ` [bug#51514] [PATCH 1/2] gnu: system: Add LUKS2 support for the root file system Josselin Poiret via Guix-patches via
2021-10-30 16:12 ` [bug#51514] [PATCH 2/2] doc: Document LUKS2 Grub support and shortcomings Josselin Poiret via Guix-patches via
2021-11-12 22:32 ` [bug#51514] [PATCH 0/2] Add support for LUKS2 root partition Ludovic Courtès
2021-11-15 20:53 ` [bug#51514] [PATCH v2 0/3] " Josselin Poiret via Guix-patches via
2021-11-15 20:53 ` [bug#51514] [PATCH v2 1/3] gnu: system: Add LUKS2 support for the root file system Josselin Poiret via Guix-patches via
2021-11-15 20:53 ` Josselin Poiret via Guix-patches via [this message]
2021-11-15 20:53 ` [bug#51514] [PATCH v2 3/3] installer: Make LUKS2 the default format for encrypted devices Josselin Poiret via Guix-patches via
2021-12-01 16:22 ` bug#51514: [PATCH 0/2] Add support for LUKS2 root partition Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211115205341.9724-3-dev@jpoiret.xyz \
--to=guix-patches@gnu.org \
--cc=51514@debbugs.gnu.org \
--cc=dev@jpoiret.xyz \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.