URL: <https://savannah.gnu.org/bugs/?65162>
Summary: grub-install: does not detect required algorithm to decrypt luks2 Group: GNU GRUB Submitter: pva0xd Submitted: Вс 14 янв 2024 19:19:36 Category: Installation Severity: Major Priority: 5 - Normal Item Group: Feature Request Status: None Privacy: Public Assigned to: None Originator Name: Originator Email: Open/Closed: Open Release: Git master Release: Discussion Lock: Any Reproducibility: None Planned Release: None _______________________________________________________ Follow-up Comments: ------------------------------------------------------- Date: Вс 14 янв 2024 19:19:36 By: Peter Volkov <pva0xd> I'm using grub 2.12 with GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub. My /boot partition is encrypted with luks2. If install grub with the following command: $ grub-install --boot-directory=/boot --efi-directory=/boot/efi --target=x86_64-efi /dev/nvme0n1 I'm unable to boot my system. The problem is that I'm using 512 bit key, while grub-mkimage is not installing gcry_sha512: grub-mkimage --directory '/usr/lib/grub/x86_64-efi' --prefix '' --output '/boot/grub/x86_64-efi/grub.efi' --format 'x86_64-efi' --compression 'auto' --config '/boot/grub/x86_64-efi/load.cfg' 'btrfs' 'cryptodisk' 'luks2' 'gcry_rijndael' 'gcry_rijndael' 'gcry_sha256' 'part_gpt' To fix this problem I've used --modules option: $ grub-install --boot-directory=/boot --efi-directory=/boot/efi --target=x86_64-efi --modules=gcry_sha512 /dev/nvme0n1 Yet I think autodetection is needed here. That's why this bug report. BTW, thanks for improving luks2 support in grub! This work is really appreciated! ======================================================== x1 ~ # cryptsetup luksDump /dev/nvme0n1p2 LUKS header information Version: 2 Epoch: 12 Metadata area: 16384 [bytes] Keyslots area: 16744448 [bytes] UUID: 78a0d770-9d7a-49ed-b361-d13b1cba9db8 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: 0: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2i Time cost: 7 Memory: 1048576 Threads: 4 Salt: ff 5f 21 e2 11 18 83 6a 24 84 64 ac 6c 62 4d dc 87 50 66 8f c5 3a 14 e9 6c 59 37 63 07 15 71 e1 AF stripes: 4000 AF hash: sha256 Area offset:32768 [bytes] Area length:258048 [bytes] Digest ID: 0 1: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: pbkdf2 Hash: sha512 Iterations: 3371626 Salt: c0 42 9c 79 85 1a 20 ac 62 88 28 08 e2 84 67 16 af cf 64 d2 47 ce f7 83 ff 96 c6 68 a8 90 56 19 AF stripes: 4000 AF hash: sha512 Area offset:290816 [bytes] Area length:258048 [bytes] Digest ID: 0 Tokens: Digests: 0: pbkdf2 Hash: sha256 Iterations: 151353 Salt: 9c bd db 3e d7 69 33 78 85 a3 da 6e ce 55 f7 ab 7f 50 71 ee 82 b6 1a 13 63 f5 73 a7 86 b5 c9 b7 Digest: 70 51 98 d3 5e b9 ad 21 4a fa c2 52 be 75 2d 03 e8 99 d7 95 2a 55 67 38 15 e8 eb 92 5a 3e 54 29 ======================================================== _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?65162> _______________________________________________ Сообщение отправлено по Savannah https://savannah.gnu.org/