From: Fabio Natali <me@fabionatali.com>
To: guix-devel@gnu.org
Subject: LUKS2 support in Guix
Date: Fri, 01 Mar 2024 09:08:21 +0000 [thread overview]
Message-ID: <87plweiaka.fsf@fabionatali.com> (raw)
Hi 👋,
I wasn't able to use a LUKS2+PBKDF2 encrypted partition when setting up
a machine recently. I understand this isn't supported by the version of
GRUB currently shipped in Guix.
Basically, with a LUKS2+PBKDF2 drive, you get stuck at boot with no
chance for GRUB to detect the relevant partitions. Or, at least, that
was my experience with that setup.
The Guix manual would indicate that LUKS2 is actually supported, when
used in combination with PBKDF2⁰:
> Note that GRUB can unlock LUKS2 devices since version 2.06, but only
> supports the PBKDF2 key derivation function, which is not the default
> for cryptsetup luksFormat. You can check which key derivation function
> is being used by a device by running cryptsetup luksDump device, and
> looking for the PBKDF field of your keyslots.
If I'm right in thinking that LUKS2+PBKDF2 is not supported and there's
no clear timeline for a fix yet, could it be worth to amend the manual
to say that it has to be LUKS1 at this stage?
Glad to amend the manual in case, but I might as well be missing
something here, so I wanted to check with you first.
Thanks, best wishes, Fabio.
⁰ https://guix.gnu.org/manual/devel/en/html_node/Keyboard-Layout-and-Networking-and-Partitioning.html#Disk-Partitioning
--
Fabio Natali
https://fabionatali.com
next reply other threads:[~2024-03-01 9:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-01 9:08 Fabio Natali [this message]
2024-03-01 13:25 ` LUKS2 support in Guix Felix Lechner via Development of GNU Guix and the GNU System distribution.
2024-03-02 7:41 ` Oleg Pykhalov
2024-03-02 12:45 ` Fabio Natali
2024-03-02 21:23 ` Josselin Poiret
2024-03-03 8:58 ` Fabio Natali
2024-03-03 16:42 ` [PATCH 1/2] gnu: grub: Update to 2.12 Josselin Poiret
2024-03-03 16:42 ` [PATCH 2/2] gnu: grub: Modernize Josselin Poiret
2024-03-05 9:53 ` Fabio Natali
2024-03-09 9:42 ` Josselin Poiret
2024-03-11 14:47 ` Fabio Natali
2024-03-03 3:08 ` LUKS2 support in Guix Maxim Cournoyer
2024-03-03 9:03 ` Fabio Natali
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87plweiaka.fsf@fabionatali.com \
--to=me@fabionatali.com \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.