luks2 in the dm-crypt command
Bug #1893764 reported by Junien F
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
curtin | Confirmed | Undecided | Unassigned |
Bug Description
Hi,
Currently, if your machine doesn't support zkey, curtin uses type "luks" in the dm-crypt command, and there's no way to change that.
Could we add a "type" option to allow instructing curtin to use type "luks2" instead of "luks"?
Or perhaps make "luks2" the default?
Thanks
Thanks for filing the bug.
The dm_crypt storage config could add a luks_type field.
We'll need to discuss whether to support the additional types: plain, loopaes, tcrypt, bitlk.
And even for just luks2, determine what, if any, additional values need to be provided, specifically:
[--integrity, --integrity-no-wipe, --sector-size, --label, --subsystem, --pbkdf, --pbkdf-memory, --pbkdf-parallel, --disable-locks, --disable-keyring, --luks2-metadata-size, --luks2-keyslots-size, --keyslot-cipher, --keyslot-key-size]
Likely we'd want to select some best practice defaults and
not expose all of these options initially.
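One way a `luks_type` field could be validated and turned into a `cryptsetup` argument vector, as an added example that is not curtin's code. The function name, the option keys other than `luks_type`, the small set of LUKS2 options exposed, and the label pattern are assumptions.

```python
import re

# Assumption: only the LUKS variants are accepted; plain, loopaes, tcrypt and
# bitlk stay rejected until their support is decided.
LUKS_TYPES = ("luks", "luks1", "luks2")
PBKDFS = ("argon2i", "argon2id", "pbkdf2")      # values cryptsetup accepts for --pbkdf
SECTOR_SIZES = (512, 1024, 2048, 4096)          # powers of two cryptsetup accepts
LUKS2_ONLY = ("pbkdf", "sector_size", "label")  # hypothetical config keys
LABEL_RE = re.compile(r"[A-Za-z0-9_.-]{1,48}")  # conservative policy, assumed


def luks_format_argv(volume, keyfile, cfg):
    """Return the luksFormat argv as a list, so no shell ever parses it."""
    luks_type = cfg.get("luks_type", "luks")    # "luks" is today's behaviour
    if luks_type not in LUKS_TYPES:
        raise ValueError("unsupported luks_type: %r" % (luks_type,))

    # Fail early instead of letting cryptsetup reject or ignore the option.
    used = [key for key in LUKS2_ONLY if key in cfg]
    if used and luks_type != "luks2":
        raise ValueError("%s require luks_type 'luks2'" % ", ".join(used))

    argv = ["cryptsetup", "--batch-mode", "--type", luks_type]
    if "pbkdf" in cfg:
        if cfg["pbkdf"] not in PBKDFS:
            raise ValueError("unsupported pbkdf: %r" % (cfg["pbkdf"],))
        argv += ["--pbkdf", cfg["pbkdf"]]
    if "sector_size" in cfg:
        size = cfg["sector_size"]
        if not isinstance(size, int) or size not in SECTOR_SIZES:
            raise ValueError("unsupported sector_size: %r" % (size,))
        argv += ["--sector-size", str(size)]
    if "label" in cfg:
        label = cfg["label"]
        if not isinstance(label, str) or not LABEL_RE.fullmatch(label):
            raise ValueError("invalid label: %r" % (label,))
        argv += ["--label", label]
    return argv + ["luksFormat", volume, keyfile]


if __name__ == "__main__":
    # Constructed sample config; the device and key paths are placeholders.
    sample = {"luks_type": "luks2", "pbkdf": "argon2id", "sector_size": 4096}
    print(luks_format_argv("/dev/vdb1", "/tmp/luks.key", sample))
```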