#27 Debian FDE w/ luks2 broken in 20210522

Open
opened 2 years ago by larbob · 4 comments
larbob commented 2 years ago

Following the Libreboot guide to setup Debian FDE does not result in a working install w/ Debian 10+ as luks2 is used. After cryptsetup -a is run, grub will ask for the passphrase, but instantly give an error that it is incorrect. Downgrading from luks2 to luks1 worked around the issue and the disk was able to be mounted.

Following the Libreboot guide to setup Debian FDE does not result in a working install w/ Debian 10+ as luks2 is used. After `cryptsetup -a` is run, grub will ask for the passphrase, but instantly give an error that it is incorrect. Downgrading from luks2 to luks1 worked around the issue and the disk was able to be mounted.
Leah Rowe commented 2 years ago
Owner

yes, grub luks2 is still broken. technically not an issue, just need to update the documentation to reflect this. i will do so

yes, grub luks2 is still broken. technically not an issue, just need to update the documentation to reflect this. i will do so

Please see the docs for more information.

In short:

Actually, its only the PBKDF2 key derivation function supported. Standard luks2 key derivation function is Argon2i.

Solution:

  1. change from Argon2i to PBKDF2
  2. or use luks1...
Please see the [docs](https://libreboot.org/docs/gnulinux/encrypted_debian.html#luksv2) for more information. In short: Actually, its only the PBKDF2 key derivation function supported. Standard luks2 key derivation function is Argon2i. Solution: 1. change from Argon2i to PBKDF2 2. or use luks1...
Leah Rowe commented 1 year ago
Owner

still broken, but there are patches dotted about the internet. i have this on todo to fix.

still broken, but there are patches dotted about the internet. i have this on todo to fix.

I think you mean patches to use the Argon2i key derivation function in luks2 ? Can you say why do you removed the hint to change only the key derivation? You don't need downgrade to luks1.

I think you mean patches to use the Argon2i key derivation function in luks2 ? Can you say why do you removed the hint to change only the key derivation? You don't need downgrade to luks1.
Sign in to join this conversation.
No Label
No Milestone
No assignee
3 Participants
Loading...
Cancel
Save
There is no content yet.