Should Calamares be set to use LUKS2 now when encrypting partitions? GRUB gained support for LUKS2 back in January:
1 Like
That would cause some havoc for people who use grub to boot multiple distros since that version of grub won’t be present on other distros for some time.
1 Like
Might there be the possibility that in calamares I can choose which version of LUKS is used?
I only install EOS on my machines (sometimes together with Windows 
) and will not get in trouble with grub.
1 Like
basically it needs only to change the luks command from luks to luks2 … so should be possible to change this on the run for calamares…
2 Likes
Originally the cryptsetup luksFormat in Calamares did not specify a luks type.
The release of cryptsetup 2.0 changed the default from luks1 to luks2, which lead to broken installs because grub was unable to decrypt a luks2 container.
Calamares eventually patched with cryptsetup luksFormat --type luks1 .
Now grub supports luks2 decryption, after it being in the dev queue for years, but the type is probably still explicitly luks1 in Calamares.
This is not necessarily a bad thing. Not all distros would have the new grub, particularly Debian based distros, and luks1 is still solid.
Maybe when Debian 11 is released a change to Calamares could be done? Either omit a specific type and use the cryptsetup default (now luks2), or allow a choice of luks container type.
3 Likes
i do not read all of this … but this should give the needed information…
2 Likes
I did not read all but many of the posts. They are still discussing if an option to switch from LUKS1 to LUKS2 for cryptsetup should be included or not.
I agree with this statement.
Until full LUKS2 grub support is implemented the proposed benefits …
are negligible.
EDIT :
Reading up on Arch Wiki and grub is definitely not ready for mainline luks2 usage.
https://wiki.archlinux.org/title/GRUB#LUKS2
Aside from no argon2 support … grub-install won’t support unlocking luks2 containers OOTB.
Yeah, nah.
2 Likes