On 8/24/21 5:16 AM, Michael Chang wrote:
On Mon, Aug 23, 2021 at 04:20:29PM +0200, Ludwig Nussel wrote:
Michael Chang wrote:
On Mon, Aug 23, 2021 at 03:13:04PM +0200, Ludwig Nussel wrote:
[...]
I would be surprised if that can pass the staging test ...
I thought I saw it green with the RC version. Still building in :M now after rebase, we'll see..
I'm not sure if staging test covers FDE (full disk encryption) with luks2, or we only use that for data volumes, leaving /boot unencrypted.
It passes because YaST explicitly enforces LUKS1 to the devices it encrypts. So no matter what's the cryptsetup default, if the users choose "Enable Disk Encryption" in the Guided Setup or if they use the Expert Partitioner to setup an encrypted volume, YaST will execute in the end something like: cryptsetup --type luks1 luksFormat /foo/bar That's done on purpose due to all the LUKS2 concerns I already linked before. Cheers. -- Ancor González Sosa YaST Team at SUSE Software Solutions