From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:700:3204::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id wDRJMLekjWWzDgAAkFu2QA (envelope-from ) for ; Thu, 28 Dec 2023 17:39:19 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id YOIjK7ekjWV6RAEAe85BDQ (envelope-from ) for ; Thu, 28 Dec 2023 17:39:19 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=jpoiret.xyz header.s=dkim header.b="NzsZWr/6"; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=jpoiret.xyz ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1703781559; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=qh31j3ilnyq4uPpNngFqIBC87HXFdQvMTcmCGwAepCs=; b=LxVF82UxI3w8ZZ0cAo8TtqzVEe3guU6DU9yo3D4Wkw83SUYd2MbSZWiwk/hoc8+RNgrUog 4TPFpxQGMiqfnEeElHBxf98bhPy7wZLqbebf5qVuj1iarfRs4DojWjE3gsvrHhhxQVnNpn 2LM8VFlIqdikKqjhp0GrJUWe1dnhDySAXahylmLNJy+abXoLolLXfsm6MBJWAbWOrtDmNZ woVuNFTJtEgHldO2HgNodOLs6G48B/ZXtdIcTRgsUgNsvYy8qN2+22hIcqFT/JzOqu0Ixg TbqAu6h28fScxUvIeNtJIq+HWf06sPBaMs89gE0ENCpLeIvm4TO2fFePRpbuNg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=jpoiret.xyz header.s=dkim header.b="NzsZWr/6"; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=jpoiret.xyz ARC-Seal: i=1; s=key1; d=yhetil.org; t=1703781559; a=rsa-sha256; cv=none; b=Wx8BkrljBJAWkCf7i/lrDsZF/clgRiW27mueVp92NAryqx0fdzMCTVWVcjoTPS4MnkiXlz f3S3lNnsPW4YyM+bcM+H+XLpnLbptprIljRmjJS5Q2B2VsG0wx+DhKebJyeSUj3diHbMRh HdfxoncLPAjuxVy5nz9Ir1mP+CQU+Fd9e+70dHYeKtibCQ7UXjTz1whgqv0oJZ6rPXUNKn mOZQHNQ9fatjeLVZKJg7ZLmeWHqaEF3OsrCGe833y5vPNV8zPIvyIs93WiqDBu7l9AfQjU 50UbR27Wq/j23XivDcI4FM0u7C1Q+rDa7FsEXo1E/GU8yl4DGXFKW2wX4/fTnw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6560A11854 for ; Thu, 28 Dec 2023 17:39:19 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rItOs-0003iX-6u; Thu, 28 Dec 2023 11:38:26 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rItOq-0003iN-DN for guix-devel@gnu.org; Thu, 28 Dec 2023 11:38:24 -0500 Received: from jpoiret.xyz ([206.189.101.64]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rItOo-00078c-JI for guix-devel@gnu.org; Thu, 28 Dec 2023 11:38:24 -0500 Received: from authenticated-user (jpoiret.xyz [206.189.101.64]) by jpoiret.xyz (Postfix) with ESMTPA id 10563185318; Thu, 28 Dec 2023 16:38:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim; t=1703781500; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=qh31j3ilnyq4uPpNngFqIBC87HXFdQvMTcmCGwAepCs=; b=NzsZWr/6N32JK3D17FzWGYCBvxmmtKk5E/G6PRQKHQ/lMYAFEm9Fjj/qRTrha+TSJv6w7x qBcN8ivQVw2kisevbXOvWAfUxcNibcgVnca0Pmm270AAPcTKcCw26WChq4uCw1StGd31Ze jt5t6IonoIrvY4KqVlONJbeMcd8+MV3IsrADr8pOZQbj4wgSvQbrHJ6o5K/vmtgBKpljHt HImJ7Rx0SAYqNEQ8peG4GLX1RYUUY58lkWo0Gc9F14vmWA+Icbwn5ZwlcVPyHb89dhuKip Liw9wR8Vy1+UnlwnpFGH+X9MMBBREgKth7P0KgHFw57L3ofWnZmszr9O1J2LLA== From: Josselin Poiret To: Kaelyn , Giovanni Biscuolo Cc: guix-devel@gnu.org Subject: Re: problems installing on LUKS2 encrypted device In-Reply-To: References: <87il58a99j.fsf@xelera.eu> Date: Thu, 28 Dec 2023 17:38:14 +0100 Message-ID: <87o7eauvt5.fsf@jpoiret.xyz> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spamd-Bar: / Received-SPF: pass client-ip=206.189.101.64; envelope-from=dev@jpoiret.xyz; helo=jpoiret.xyz X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx13.migadu.com X-Migadu-Spam-Score: -6.74 X-Spam-Score: -6.74 X-Migadu-Queue-Id: 6560A11854 X-TUID: aNG/J2MFuISf --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi both of you, Kaelyn writes: > About halfway through the email, your use of LUKS2 with Grub was tickling= my brain about what I remembered reading regarding Grub's LUKS2 support be= ing limited. While searching for references for that--and subsequently seei= ng that you were already using PBKDF2--I came across https://savannah.gnu.o= rg/bugs/?55093 which seems to hold the answer. According to the newest comm= ent, Grub 2.06 has a seemingly-undocumented additional requirement for work= ing with LUKS2 of needing to use sha256 as the keyslot hash. That's it: the GRUB userspace tools don't properly detect LUKS2 mapped devices and so don't include the modules needed to decrypt them. This is fixed in the newly released 2.12 (by yours truly), but we haven't packaged it yet. Using that would simply be the better solution, and I'll look into updating it in Guix soon. Best, =2D-=20 Josselin Poiret --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQHEBAEBCAAuFiEEOSSM2EHGPMM23K8vUF5AuRYXGooFAmWNpHYQHGRldkBqcG9p cmV0Lnh5egAKCRBQXkC5FhcaihqsC/wIs+9bu1d6c4QwzXPewsvBzNXHTu9NLjSO zXhX1dJx14twDC8hLL+x94QNVItB/9Cb0Sy65eFX2j1YxM50rb8zB4gNgixKgR60 4qmz7+5/ytTXs+Nbl60AxxOOC2B7e8BO/z95w1BBiAlSW6vgQxDoS40x8s30ru9r piK50RQ6/Yx67WD2M0mM9ml502jymvQ8WQ7SAtT+izwpiP+m0cb+o/YamTN4HEFB TaB6skl+7zrGftZwmJwD9qaVdeDXFHgIKCzi8kyj5ShuLH1Z72vk4AGQMPDxYRmS 0Ohljuxv/q+pSvhPCLjZGm2DR3YbZDSzY4sHDx1Kj5wvtKrAl0c2SPE0da1wJ00Y FYWIpeJQoPDI4CDdLYSHQOpomeqsdUiynoSGl14W9CscOCGNlpBxKt+sLy0oXL0Y QDon/h2P/xYEuS1kzdmUTx01IEXF54ji5aM3r/MbQ6n/5nd+Cznt1nxirUxQRvgX Ja6h59LlWCwE5emWxNSi5FVG7phoH0M= =Yquv -----END PGP SIGNATURE----- --=-=-=--