[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/11: doc: Document LUKS2 GRUB support and shortcomings
From: |
guix-commits |
Subject: |
03/11: doc: Document LUKS2 GRUB support and shortcomings |
Date: |
Wed, 1 Dec 2021 11:55:26 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 4c5f970e8a2b946d9ae9f45631781ae3e1dc34dd
Author: Josselin Poiret <dev@jpoiret.xyz>
AuthorDate: Mon Nov 15 20:53:40 2021 +0000
doc: Document LUKS2 GRUB support and shortcomings
* doc/guix.texi (Keyboard Layout, Networking, and Partitioning)[Disk
Partitioning]: Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
doc/guix.texi | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 09553ab..a675631 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -98,6 +98,7 @@ Copyright @copyright{} 2021 pukkamustard@*
Copyright @copyright{} 2021 Alice Brenon@*
Copyright @copyright{} 2021 Andrew Tropin@*
Copyright @copyright{} 2021 Sarah Morgensen@*
+Copyright @copyright{} 2021 Josselin Poiret@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -2493,13 +2494,24 @@ mkfs.ext4 -L my-root /dev/sda2
If you are instead planning to encrypt the root partition, you can use
the Cryptsetup/LUKS utilities to do that (see @inlinefmtifelse{html,
@uref{https://linux.die.net/man/8/cryptsetup, @code{man cryptsetup}},
-@code{man cryptsetup}} for more information). Assuming you want to
-store the root partition on @file{/dev/sda2}, the command sequence would
-be along these lines:
+@code{man cryptsetup}} for more information).
+
+@quotation Warning
+Note that GRUB can unlock LUKS2 devices since version 2.06, but only
+supports the PBKDF2 key derivation function, which is not the default
+for @command{cryptsetup luksFormat}. You can check which key derivation
+function is being used by a device by running @command{cryptsetup
+luksDump @var{device}}, and looking for the PBKDF field of your
+keyslots.
+@end quotation
+
+Assuming you want to store the root partition on @file{/dev/sda2}, the
+command sequence to format it as a LUKS2 partition would be along these
+lines:
@example
-cryptsetup luksFormat /dev/sda2
-cryptsetup open --type luks /dev/sda2 my-partition
+cryptsetup luksFormat --type luks2 --pbkdf pbkdf2 /dev/sda2
+cryptsetup open /dev/sda2 my-partition
mkfs.ext4 -L my-root /dev/mapper/my-partition
@end example
- branch master updated (1a0696e -> 8cc099b), guix-commits, 2021/12/01
- 01/11: inferior: 'cached-channel-instance' does not cache unauthenticated instances., guix-commits, 2021/12/01
- 03/11: doc: Document LUKS2 GRUB support and shortcomings,
guix-commits <=
- 02/11: gnu: system: Add LUKS2 support for the root file system., guix-commits, 2021/12/01
- 04/11: installer: Make LUKS2 the default format for encrypted devices, guix-commits, 2021/12/01
- 05/11: gnu: Add python-codespell., guix-commits, 2021/12/01
- 10/11: gnu: Add libfido2., guix-commits, 2021/12/01
- 08/11: gnu: Add vim-nerdtree., guix-commits, 2021/12/01
- 06/11: gnu: Add smplayer., guix-commits, 2021/12/01
- 07/11: build-system: haskell: Add ‘hackage-uri’ procedure., guix-commits, 2021/12/01
- 11/11: gnu: openssh: Add support for ecdsa-sk, ed25519-sk ssh keys., guix-commits, 2021/12/01
- 09/11: gnu: Add libcbor., guix-commits, 2021/12/01