[bug #65162] grub-install: does not detect required algorithm to decrypt


From: Peter Volkov
Subject: [bug #65162] grub-install: does not detect required algorithm to decrypt luks2
Date: Sun, 14 Jan 2024 14:19:37 -0500 (EST)

URL:
  <https://savannah.gnu.org/bugs/?65162>

                 Summary: grub-install: does not detect required algorithm to
decrypt luks2
                   Group: GNU GRUB
               Submitter: pva0xd
               Submitted: Sun 14 Jan 2024 19:19:36
                Category: Installation
                Severity: Major
                Priority: 5 - Normal
              Item Group: Feature Request
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
                 Release: Git master
                 Release: 
         Discussion Lock: Any
         Reproducibility: None
         Planned Release: None


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Sun 14 Jan 2024 19:19:36   By: Peter Volkov <pva0xd>
I'm using grub 2.12 with GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub. My
/boot partition is encrypted with luks2.

If I install grub with the following command:

 $ grub-install --boot-directory=/boot --efi-directory=/boot/efi --target=x86_64-efi /dev/nvme0n1

I'm unable to boot my system. The problem is that I'm using a 512-bit key, while
grub-mkimage is not installing gcry_sha512:

grub-mkimage --directory '/usr/lib/grub/x86_64-efi' --prefix '' --output '/boot/grub/x86_64-efi/grub.efi' --format 'x86_64-efi' --compression 'auto' --config '/boot/grub/x86_64-efi/load.cfg' 'btrfs' 'cryptodisk' 'luks2' 'gcry_rijndael' 'gcry_rijndael' 'gcry_sha256' 'part_gpt'

To fix this problem I've used --modules option:

 $ grub-install --boot-directory=/boot --efi-directory=/boot/efi --target=x86_64-efi --modules=gcry_sha512 /dev/nvme0n1

Yet I think autodetection is needed here. That's why this bug report.

BTW, thanks for improving luks2 support in grub! This work is really
appreciated!

========================================================
x1 ~ # cryptsetup luksDump /dev/nvme0n1p2 
LUKS header information
Version:        2
Epoch:          12
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           78a0d770-9d7a-49ed-b361-d13b1cba9db8
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2i
        Time cost:  7
        Memory:     1048576
        Threads:    4
        Salt:       ff 5f 21 e2 11 18 83 6a 24 84 64 ac 6c 62 4d dc 
                    87 50 66 8f c5 3a 14 e9 6c 59 37 63 07 15 71 e1 
        AF stripes: 4000
        AF hash:    sha256
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
  1: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      pbkdf2
        Hash:       sha512
        Iterations: 3371626
        Salt:       c0 42 9c 79 85 1a 20 ac 62 88 28 08 e2 84 67 16 
                    af cf 64 d2 47 ce f7 83 ff 96 c6 68 a8 90 56 19 
        AF stripes: 4000
        AF hash:    sha512
        Area offset:290816 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 151353
        Salt:       9c bd db 3e d7 69 33 78 85 a3 da 6e ce 55 f7 ab 
                    7f 50 71 ee 82 b6 1a 13 63 f5 73 a7 86 b5 c9 b7 
        Digest:     70 51 98 d3 5e b9 ad 21 4a fa c2 52 be 75 2d 03 
                    e8 99 d7 95 2a 55 67 38 15 e8 eb 92 5a 3e 54 29 
========================================================







    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?65162>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
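
A sketch of the autodetection the report asks for, added here as an example and not taken from GRUB or from the reporter: it reads `cryptsetup luksDump` text and lists the hash modules every keyslot and digest would need, plus the keyslots whose PBKDF is not pbkdf2 so they can be checked against what the installed luks2 module supports. The function names and the hash-to-module table are assumptions of this sketch; the sample input is constructed from the dump in the report.

```shell
# Added example, not GRUB code. cryptsetup hash name -> GRUB gcry module
# (the mapping table is an assumption of this sketch).
hash_to_module() {
    case "$1" in
        sha1)      echo gcry_sha1 ;;
        sha256)    echo gcry_sha256 ;;
        sha512)    echo gcry_sha512 ;;
        ripemd160) echo gcry_rmd160 ;;
        whirlpool) echo gcry_whirlpool ;;
        *)         echo "unmapped:$1" ;;
    esac
}

# stdin: `cryptsetup luksDump` text. stdout: space-separated module names
# covering every keyslot PBKDF hash, AF hash and digest hash.
luks2_hash_modules() {
    awk '$1 == "Hash:" || ($1 == "AF" && $2 == "hash:") { print $NF }' |
        sort -u |
        while read -r h; do hash_to_module "$h"; done |
        paste -sd ' ' -
}

# stdin: same text. stdout: "slot:pbkdf" for keyslots not using pbkdf2.
luks2_non_pbkdf2_slots() {
    awk '/^Keyslots:/ { ks = 1; next }
         /^[A-Za-z]/  { ks = 0 }
         ks && $1 ~ /^[0-9]+:$/ { slot = $1; sub(/:/, "", slot) }
         ks && $1 == "PBKDF:" && $2 != "pbkdf2" { print slot ":" $2 }'
}

# Constructed sample: the hash-related lines of the dump in the report.
sample_dump() {
    cat <<'EOF'
Keyslots:
  0: luks2
        PBKDF:      argon2i
        AF hash:    sha256
  1: luks2
        PBKDF:      pbkdf2
        Hash:       sha512
        AF hash:    sha512
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}
echo "modules: $(sample_dump | luks2_hash_modules)"
echo "non-pbkdf2 keyslots: $(sample_dump | luks2_non_pbkdf2_slots)"
```

On a real system the input would come from `cryptsetup luksDump <device>`, and the first function's output can be passed to grub-install as `--modules="..."`.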



