Hi Ludwig, On Mon, Aug 23, 2021 at 03:13:04PM +0200, Ludwig Nussel wrote:
Hi,
For some years upstream cryptsetup already used LUKS2 as default on-disk format. The Tumbleweed package stayed with LUKS1 so far though. As grub 2.06 recently gained LUKS2 support, cryptsetup can finally switch. A cryptsetup 2.4.0 update is currently in staging and will likely land in TW soon. After that new installations will use LUKS2 for encrypted hard disks.
No, the support can only be considered partially. While the grub cryptomount may be able to mount LUKS2 volumes at boot up *if porperly configured*, the auto-configuation support through grub-install and grub-probe is not ready yet, so it can't really work atm. I would be surprised if that can pass the staging test ...
Unfortunately grub2 can't handle Argon2 as key-derivation function yet. So TW has to stay with PBKDF2 for now.
Yes this is still missing. Thanks, Michael
Information about LUKS2 etc can be found upstream: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home
cu Ludwig
-- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg)