luks2 in the dm-crypt command

Bug #1893764 reported by Junien Fridrick
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description


Currently, if your machine doesn't support zkey, curtin uses type "luks" in the dm-crypt command, and there's no way to change that.
Could we add an "type" option to allow instructing curtin to use type "luks2" instead of "luks" ?

Or perhaps make "luks2" the default ?


Revision history for this message
Ryan Harper (raharper) wrote :

Thanks for filing the bug.

The dm_crypt storage config could add a luks_type field.

We'll need to discuss whether to support the additional types, plain, loopaes, tcrypt, bitlk
And even for just luks2, determine what, if any additional values need to be provided, specifically

[--integrity, --integrity-no-wipe, --sector-size, --label, --subsystem,
  --pbkdf, --pbkdf-memory, --pbkdf-parallel, --disable-locks, --disable-keyring, --luks2-metadata-size,
  --luks2-keyslots-size, --keyslot-cipher, --keyslot-key-size]

Likely we'd want to select some best practice defaults and
not expose all of these options initially.

Changed in curtin:
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers