#14 Libreboot 20210522 unable to decrypt LUKSv2/Argon2i

Open
opened 2 weeks ago by zalckos · 1 comments
zalckos commented 2 weeks ago

First I flashed grub_x200_8mb_libgfxinit_corebootfb_usqwerty.rom. After installing Debian 10.9.0 amd64 netinst according to the tutorial (https://libreboot.org/docs/gnulinux/encrypted_debian.html) on an X200 it first fails to reboot (#3). Later when I turn the power on normally it boots into GRUB and when it asks for my passphrase to unlock the encrypted device it tells me the passphrase is incorrect.

After I downgrade LUKS2 to LUKS1 (https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html#formatting-the-existing-boot-partition-to-luks1) GRUB is able to unlock the device and I am able to boot.

Also when I convert the keyslot from Argon2i to PBKDF2 but don't downgrade LUKS2 to LUKS1, GRUB seems to be able to decrypt the device.

First I flashed grub_x200_8mb_libgfxinit_corebootfb_usqwerty.rom. After installing Debian 10.9.0 amd64 netinst according to the tutorial (https://libreboot.org/docs/gnulinux/encrypted_debian.html) on an X200 it first fails to reboot (#3). Later when I turn the power on normally it boots into GRUB and when it asks for my passphrase to unlock the encrypted device it tells me the passphrase is incorrect. After I downgrade LUKS2 to LUKS1 (https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html#formatting-the-existing-boot-partition-to-luks1) GRUB is able to unlock the device and I am able to boot. Also when I convert the keyslot from Argon2i to PBKDF2 but don't downgrade LUKS2 to LUKS1, GRUB seems to be able to decrypt the device.
Leah Rowe commented 2 weeks ago
Owner

Please downgrade to LUKSv1 for now.

The new Libreboot release has an updated GRUB which supports LUKSv2, but the support is incompletely. However, GRUB has full support for LUKSv1.

Instructions for downgrading LUKSv2 to LUKSv1 were deleted from the Debian guide on libreboot.org. This was a mistake on my part, so I will re-add it. I will close this issue when I have.

Please downgrade to LUKSv1 for now. The new Libreboot release has an updated GRUB which supports LUKSv2, but the support is incompletely. However, GRUB has full support for LUKSv1. Instructions for downgrading LUKSv2 to LUKSv1 were deleted from the Debian guide on libreboot.org. This was a mistake on my part, so I will re-add it. I will close this issue when I have.
Sign in to join this conversation.
No Label
No Milestone
No assignee
2 Participants
Loading...
Cancel
Save
There is no content yet.