From: Fabio Natali
To: guix-devel@gnu.org
Subject: LUKS2 support in Guix
Date: Fri, 01 Mar 2024 09:08:21 +0000
Message-ID: <87plweiaka.fsf@fabionatali.com>

Hi 👋,

I wasn't able to use a LUKS2+PBKDF2 encrypted partition when setting up
a machine recently. I understand this isn't supported by the version of
GRUB currently shipped in Guix.

Basically, with a LUKS2+PBKDF2 drive, you get stuck at boot with no
chance for GRUB to detect the relevant partitions. Or, at least, that
was my experience with that setup.

The Guix manual would indicate that LUKS2 is actually supported, when
used in combination with PBKDF2⁰:

> Note that GRUB can unlock LUKS2 devices since version 2.06, but only
> supports the PBKDF2 key derivation function, which is not the default
> for cryptsetup luksFormat. You can check which key derivation function
> is being used by a device by running cryptsetup luksDump device, and
> looking for the PBKDF field of your keyslots.

If I'm right in thinking that LUKS2+PBKDF2 is not supported and there's
no clear timeline for a fix yet, could it be worth amending the manual
to say that it has to be LUKS1 at this stage?

Glad to amend the manual in case, but I might as well be missing
something here, so I wanted to check with you first.

Thanks, best wishes, Fabio.

⁰ https://guix.gnu.org/manual/devel/en/html_node/Keyboard-Layout-and-Networking-and-Partitioning.html#Disk-Partitioning

-- 
Fabio Natali
https://fabionatali.com
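
Added example, not part of the original message or of the Guix manual: the check the quoted manual passage describes (run cryptsetup luksDump and read the PBKDF field of each keyslot), written as a shell filter over the dump. The sample dump is constructed and abridged, its field layout is assumed to match what cryptsetup 2.x prints for a LUKS2 header, and the function names and /dev/sdXN are placeholders.

```shell
#!/bin/sh
# Added example (not from the original message): report the key derivation
# function of each LUKS2 keyslot, reading `cryptsetup luksDump` output on stdin.

# Print "<slot> <kdf>" per keyslot. Only the "Keyslots:" section is read:
# the "Digests:" section names pbkdf2 on every LUKS2 device, so a plain
# grep for "pbkdf2" would match even when all keyslots use Argon2.
keyslot_kdfs() {
    awk '
        /^[A-Za-z]/ && $NF ~ /:$/ { in_slots = ($1 == "Keyslots:"); next }
        in_slots && $1 ~ /^[0-9]+:$/ { slot = $1; sub(/:$/, "", slot); next }
        in_slots && $1 == "PBKDF:"   { print slot, $2 }
    '
}

# Print the comma-separated keyslots whose KDF is not pbkdf2 (empty if none).
non_pbkdf2_slots() {
    keyslot_kdfs | awk '$2 != "pbkdf2" { printf "%s%s", sep, $1; sep = "," }'
}

# Constructed, abridged sample of luksDump output (assumption: field layout
# as printed by cryptsetup 2.x for a LUKS2 header).
sample_dump() {
    cat <<'EOF'
LUKS header information
Version:        2
Epoch:          4

Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  4
        Memory:     1048576
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1000000
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 100000
EOF
}

# On a real system: cryptsetup luksDump /dev/sdXN | keyslot_kdfs
sample_dump | keyslot_kdfs
echo "non-PBKDF2 keyslots: $(sample_dump | non_pbkdf2_slots)"
```

An empty result from non_pbkdf2_slots only shows that every keyslot uses PBKDF2; it does not show that a given GRUB build can unlock the device.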