Dne 29. 04. 21 v 11:30 Petr Vorel napsal(a):
On 28.04.2021 23:11, Petr Vorel wrote:
That allows passing the password from grub to initrd.
Not that I am aware of. Care to elaborate? [3]. Obviously we'd need to transform /etc/initramfs-tools/hooks/crypto_keyfile into Dracut hook (IMHO trivial).
BTW with further tweaking and some limitations it works with LUKS2 :).
Can you be more specific about the limitations?
IIRC the openSUSE default PBKDF for LUKS2-encrypted disks is Argon2i, but GRUB does not implement this key-derivation function, so my system would become unbootable, unless I make sure to configure one keyslot explicitly to PBKDF2. Yes, missing Argon2i is the main limitation. Converting to PBKDF2 is trivial, but it has to be handled once yast gets support for LUKS2. I suppose Patrick Steinhardt is planning to add it, but after grub-2.06 (decided few months ago - before grub-2.06-rc1).
Other limitation is missing LUKS2 detection in grub-probe. https://savannah.gnu.org/bugs/?55093 IMHO it shouldn't be that difficult to implement it. Kind regards, Petr
Is that what you mean? Well, I would once again perceive it as a regression.
Just my two cents, Petr T