luks2 in the dm-crypt command
Bug #1893764 reported by
Junien F
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| curtin |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Hi,
Currently, if your machine doesn't support zkey, curtin uses type "luks" in the dm-crypt command, and there's no way to change that.
Could we add an "type" option to allow instructing curtin to use type "luks2" instead of "luks" ?
Or perhaps make "luks2" the default ?
Thanks
Revision history for this message
| Ryan Harper (raharper) wrote | #1 |
| Changed in curtin: | |
| status: | New → Confirmed |
Revision history for this message
| Pawel (cryptonix) wrote | #2 |
Revision history for this message
| Josef Wolf (jw-raven) wrote | #3 |
Revision history for this message
| Junien F (axino) wrote | #4 |
To post a comment you must log in.
Thanks for filing the bug.
The dm_crypt storage config could add a luks_type field.
We'll need to discuss whether to support the additional types, plain, loopaes, tcrypt, bitlk
And even for just luks2, determine what, if any additional values need to be provided, specifically
[--integrity, --integrity-
--pbkdf, --pbkdf-memory, --pbkdf-parallel, --disable-locks, --disable-keyring, --luks2-
--luks2-
Likely we'd want to select some best practice defaults and
not expose all of these options initially.