[bug#38826] doc: Mention no LUKS2 for luks-device-mapping

Message ID	8736cxl2um.fsf@lappy.randomroad.net
State	Under Review
Headers	show Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Subject: [bug#38826] doc: Mention no LUKS2 for luks-device-mapping Resent-From: David Trudgian <dave@trudgian.net> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 03 Jan 2020 02:08:02 +0000 Resent-Message-ID: <handler.38826.B38826.15780172572631@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org Cc: David Trudgian <dave@trudgian.net>, Danny Milosavljevic <dannym@scratchpost.org>, 38826@debbugs.gnu.org References: <20191231034701.GA10716@lappy> <20200102233256.4250ec30@scratchpost.org> <87png18o7d.fsf@nckx> User-agent: mu4e 1.2.0; emacs 26.3 From: David Trudgian <dave@trudgian.net> In-reply-to: <87png18o7d.fsf@nckx> Date: Thu, 02 Jan 2020 19:56:33 -0600 Message-ID: <8736cxl2um.fsf@lappy.randomroad.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Precedence: list Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-getmail-retrieved-from-mailbox: Patches
Series	[bug#38826] doc: Mention no LUKS2 for luks-device-mapping \| expand [bug#38826] doc: Mention no LUKS2 for luks-device-mapping

Message ID

8736cxl2um.fsf@lappy.randomroad.net

State

Under Review

Headers

Subject: [bug#38826] doc: Mention no LUKS2 for luks-device-mapping
Resent-From: David Trudgian <dave@trudgian.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 03 Jan 2020 02:08:02 +0000
Resent-Message-ID: <handler.38826.B38826.15780172572631@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
To: Tobias Geerinckx-Rice <me@tobias.gr>
Cc: David Trudgian <dave@trudgian.net>,
 Danny Milosavljevic <dannym@scratchpost.org>, 38826@debbugs.gnu.org
References: <20191231034701.GA10716@lappy>
 <20200102233256.4250ec30@scratchpost.org> <87png18o7d.fsf@nckx>
User-agent: mu4e 1.2.0; emacs 26.3
From: David Trudgian <dave@trudgian.net>
In-reply-to: <87png18o7d.fsf@nckx>
Date: Thu, 02 Jan 2020 19:56:33 -0600
Message-ID: <8736cxl2um.fsf@lappy.randomroad.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Precedence: list
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
 <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>

Series

[bug#38826] doc: Mention no LUKS2 for luks-device-mapping | expand

Context	Check	Description
cbaines/applying patch	fail	Apply failed

Context

Check

Description

cbaines/applying patch

fail

Apply failed

Commit Message

David Trudgian Jan. 3, 2020, 1:56 a.m. UTC

Hi Danny, Tobias,

>>> A mention LUKS2 is not supported in the docs might be nice.
>>
>> I agree.
>
> Same.  Would you consider submitting a patch, David?  Or writing the
> text?

My original email had a patch attached (or should have). Apologies -
there was no [PATCH] on the subject. Attaching here in case.

>> But better yet would be to implement LUKS2 in the uuid code.

I intend to take a look at this when I get time in the next week or so.

> Has LUKS2 support[0] been added to GRUB yet?  Last I checked it
> hadn't.

I don't believe GRUB has LUKS2 support for booting from an encrypted
partition merged yet. The last I saw there was a patch for LUKS2 but it
didn't support the Argon 2i PBKDF which is the default you get when you
use LUKS2 in distros where a separate `/boot` is kept unencrypted, so it
wouldn't be useful yet.

It would still be good to be able to boot from LUKS1 but mount non-boot
LUKS2 partitions, so people like me coming from other distros can mount
their encrypted `/home` or similar without having to convert to LUKS1.

I have actually converted to LUKS1, which requires converting the key to
pbkdf2 first...

cryptsetup luksConvertKey --pbkdf=pbkdf2 /dev/sdc1
cryptsetup convert /dev/sdc1 --type luks1

...but I can easily create LUKS2 things to work on the UUID code.

Cheers,

DT

From 97ed4c1859e797adf4ba813ac7db3d1b8261a569 Mon Sep 17 00:00:00 2001
From: David Trudgian <EMAIL>
Date: Mon, 30 Dec 2019 21:37:35 -0600
Subject: [PATCH] Mention no LUKS2 in luks-device-mapping doc

---
 doc/guix.texi | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 70e3dfea6a..232d99d508 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -69,6 +69,7 @@  Copyright @copyright{} 2019 Jakob L. Kreuze@*
 Copyright @copyright{} 2019 Kyle Andrews@*
 Copyright @copyright{} 2019 Alex Griffin@*
 Copyright @copyright{} 2019 Guillaume Le Vaillant@*
+Copyright @copyright{} 2019 David C. Trudgian@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -11470,6 +11471,10 @@  This must be a @code{mapped-device-kind} object, which specifies how
 This defines LUKS block device encryption using the @command{cryptsetup}
 command from the package with the same name.  It relies on the
 @code{dm-crypt} Linux kernel module.
+
+Note that currently only LUKS1 encrypted devices are supported. Existing
+LUKS2 devices can be opened and mounted after boot, using
+@code{cryptsetup luksOpen}.
 @end defvr
 
 @defvr {Scheme Variable} raid-device-mapping
-- 
2.24.1

[bug#38826] doc: Mention no LUKS2 for luks-device-mapping

Checks

Commit Message

Patch