(In reply to Neil Rickert from comment #4) > cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1 lvm > Yes, that's default aes-xts-plain64, LUKS header hashing: sha1 > Since you need a fixed image that works for all users of secure-boot, I > guess you would need to include all of the likely crypto. I suppose there won't be much harm in doing it, but let's wait for Michael.