[bug#38826] doc: Mention no LUKS2 for luks-device-mapping

Message ID 8736cxl2um.fsf@lappy.randomroad.net
State Under Review

Checks

Context: cbaines/applying patch
Check: fail
Description: Apply failed

Commit Message

David Trudgian Jan. 3, 2020, 1:56 a.m. UTC
Hi Danny, Tobias,

>>> A mention that LUKS2 is not supported in the docs might be nice.
>>
>> I agree.
>
> Same.  Would you consider submitting a patch, David?  Or writing the
> text?

My original email had a patch attached (or should have). Apologies -
there was no [PATCH] on the subject. Attaching here in case.

>> But better yet would be to implement LUKS2 in the uuid code.

I intend to take a look at this when I get time in the next week or so.

> Has LUKS2 support[0] been added to GRUB yet?  Last I checked it
> hadn't.

I don't believe GRUB has LUKS2 support for booting from an encrypted
partition merged yet. The last I saw there was a patch for LUKS2 but it
didn't support the Argon2i PBKDF which is the default you get when you
use LUKS2 in distros where a separate `/boot` is kept unencrypted, so it
wouldn't be useful yet.

It would still be good to be able to boot from LUKS1 but mount non-boot
LUKS2 partitions, so people like me coming from other distros can mount
their encrypted `/home` or similar without having to convert to LUKS1.

I have actually converted to LUKS1, which requires converting the key to
pbkdf2 first...

cryptsetup luksConvertKey --pbkdf=pbkdf2 /dev/sdc1
cryptsetup convert /dev/sdc1 --type luks1

...but I can easily create LUKS2 things to work on the UUID code.

Cheers,

DT
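
To check whether a device is LUKS1 or LUKS2 before deciding on the conversion discussed above, the version field can be read straight from the on-disk header. This is an added example, not part of the message or of Guix's code; the function names and the sample UUID are constructed for illustration, and the offsets assume the published LUKS1/LUKS2 on-disk layouts.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"     # first 6 bytes of a LUKS1 or LUKS2 primary header
UUID_OFFSET, UUID_LEN = 168, 40  # the UUID field sits at the same offset in both


def luks_info(header: bytes):
    """Return (version, uuid) for a LUKS header, or None if it is not LUKS."""
    if len(header) < UUID_OFFSET + UUID_LEN or header[:6] != LUKS_MAGIC:
        return None
    (version,) = struct.unpack(">H", header[6:8])  # big-endian uint16
    raw = header[UUID_OFFSET:UUID_OFFSET + UUID_LEN].split(b"\0", 1)[0]
    return version, raw.decode("ascii", "replace")


def read_luks_info(path: str):
    """Classify a block device or image file from its first 512 bytes."""
    with open(path, "rb") as dev:
        return luks_info(dev.read(512))


def needs_conversion(header: bytes) -> bool:
    """True for a LUKS header that is not version 1, i.e. one that a
    LUKS1-only consumer cannot handle."""
    info = luks_info(header)
    return info is not None and info[0] != 1


def constructed_header(version: int, uuid: str) -> bytes:
    """Build a minimal fake header (constructed test input, not a real volume)."""
    hdr = bytearray(512)
    hdr[:6] = LUKS_MAGIC
    hdr[6:8] = struct.pack(">H", version)
    hdr[UUID_OFFSET:UUID_OFFSET + len(uuid)] = uuid.encode("ascii")
    return bytes(hdr)


SAMPLE_UUID = "00000000-1111-2222-3333-444444444444"  # constructed value

if __name__ == "__main__":
    for v in (1, 2):
        hdr = constructed_header(v, SAMPLE_UUID)
        print(luks_info(hdr), "needs conversion:", needs_conversion(hdr))
```

On a real system, `read_luks_info("/dev/sdc1")` needs read access to the device; `cryptsetup luksDump` reports the same version field.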

Patch

From 97ed4c1859e797adf4ba813ac7db3d1b8261a569 Mon Sep 17 00:00:00 2001
From: David Trudgian <EMAIL>
Date: Mon, 30 Dec 2019 21:37:35 -0600
Subject: [PATCH] Mention no LUKS2 in luks-device-mapping doc

---
 doc/guix.texi | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 70e3dfea6a..232d99d508 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -69,6 +69,7 @@  Copyright @copyright{} 2019 Jakob L. Kreuze@*
 Copyright @copyright{} 2019 Kyle Andrews@*
 Copyright @copyright{} 2019 Alex Griffin@*
 Copyright @copyright{} 2019 Guillaume Le Vaillant@*
+Copyright @copyright{} 2019 David C. Trudgian@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -11470,6 +11471,10 @@  This must be a @code{mapped-device-kind} object, which specifies how
 This defines LUKS block device encryption using the @command{cryptsetup}
 command from the package with the same name.  It relies on the
 @code{dm-crypt} Linux kernel module.
+
+Note that currently only LUKS1 encrypted devices are supported. Existing
+LUKS2 devices can be opened and mounted after boot, using
+@code{cryptsetup luksOpen}.
 @end defvr
 
 @defvr {Scheme Variable} raid-device-mapping
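Review bot: The added paragraph under luks-device-mapping uses a single space after "supported." while the context lines directly above use two spaces after a sentence-ending period ("same name.  It relies"); please match that spacing. The context also marks the program as @command{cryptsetup}, so @command{cryptsetup luksOpen} would be more consistent than @code{cryptsetup luksOpen}. Since the thread attributes the limitation to the UUID code, it would help to say in the note what "supported" covers here, so readers know that a LUKS2 device cannot be declared with this mapping and why the workaround is a manual luksOpen after boot.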
-- 
2.24.1