Overview
Request 913630 superseded
- need to use PBKDF2 by default for LUKS2 as grub can't decrypt when
  using Argon.
- cryptsetup 2.4.0 (jsc#SLE-20275)
  * External LUKS token plugins
  * Experimental SSH token
  * Default LUKS2 PBKDF is now Argon2id
  * Increase minimal memory cost for Argon2 benchmark to 64MiB.
  * Autodetect optimal encryption sector size on LUKS2 format.
  * Use VeraCrypt option by default and add --disable-veracrypt option.
  * Support --hash and --cipher to limit opening time for TCRYPT type
  * Fixed default OpenSSL crypt backend support for OpenSSL3.
  * integritysetup: add integrity-recalculate-reset flag.
  * cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
  * Fix cryptsetup resize using LUKS2 tokens.
  * Add close --deferred and --cancel-deferred options.
  * Rewritten command-line option parsing to avoid libpopt arguments
    memory leaks.
  * Add --test-args option.
- Use LUKS2 as default format on Tumbleweed.
  It provides some additional features which other tools
  (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking
  LUKS2 volumes meanwhile.
- Created by lnussel
- In state superseded
- Supersedes 910003 911283 913115
- Superseded by 919547
- Open review for Base:System / grub2
RC submitted for staging test, not for checkin
Scary - Staging passed all tests; are we testing the right things? :)
https://github.com/OSInside/kiwi/issues/1898 should be fixed as well, otherwise non-EFI booting of kiwi generated images with /boot on LUKS2 is broken
Request History
lnussel created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
lnussel_factory set openSUSE:Factory:Staging:M as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:M"
lnussel_factory accepted review
Picked "openSUSE:Factory:Staging:M"
jengelh accepted review
favogt_factory added grub2 as a reviewer
Needs support in GRUB2 first. EFI is covered by sr 910166, BIOS still WIP.
Warning: This is not fully covered by staging tests.
RBrownSUSE added factory-staging as a reviewer
Being evaluated by group "factory-staging"
RBrownSUSE accepted review
Unstaged from project "openSUSE:Factory:Staging:M"
RBrownSUSE declined review
sr#915495 has newer source and is from the same project
RBrownSUSE declined request
sr#915495 has newer source and is from the same project
superseded by 919547
sr#910166 is revoked, you should reopen and then I would accept as long as "luks2 as default" is hitting the road... meanwhile for bios and the rest other than efi we may force grub modules "gcry_rijndael gcry_sha1 gcry_sha256" to the first stage image if and only if luks2 is detected (if we can't wait for full implementation of crypto module detection) so that it is comparable with the status on efi.
@arvidjaar, @michael-chang, @rwill: review reminder
as yast is passing -t luks1, we are probably safe with this change for now (except that manually calling might give different results than doing it with yast)