EndeavourOS default luks settings

Hi,

Could you please help me out with the LUKS settings that Endeavour uses by default?

I want to encrypt an external drive the same way as the system. I found the appropriate command in ArchWiki and slightly modified it:

cryptsetup --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 2000 --key-size 512 --pbkdf argon2id --use-urandom --verify-passphrase luksFormat device

Can you confirm my understanding of Endeavour defaults?

It depends. Which ISO did you install from and which bootloader did you choose?

I used the Galileo ISO and installed with systemd-boot.

In that case you will get luks2. That is actually handled by kpmcore. I took a look through the code of kpmcore and it looks like it is doing this:

cryptsetup -s 512 --batch-mode --force-password --type luks2 luksFormat
  • -s is the same as --key-size
  • You probably don’t need --batch-mode
  • --force-password just ignores password checking

So you probably only need:

cryptsetup --key-size 512 --type luks2 luksFormat

The rest of those settings are likely left to their default values by kpmcore.

All that being said, you probably don’t need to match the values directly.
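
To see what an existing volume actually uses, `cryptsetup luksDump <device>` prints the LUKS2 header parameters. The script below is an added example, not part of the thread and not EndeavourOS or kpmcore code: it reduces luksDump output to the fields discussed here so two volumes can be compared. The function names are hypothetical and the sample dump is constructed and trimmed, not taken from a real device.

```shell
#!/usr/bin/env bash
# Real use (as root): cryptsetup luksDump /dev/<device> | luks_summary
# Reads LUKS2 luksDump text on stdin and prints one comparable line.
luks_summary() {
    awk '
        /^Version:/       { version = $2 }
        /^Data segments:/ { sect = "seg" }
        /^Keyslots:/      { sect = "slot" }
        /^Tokens:/        { sect = "" }
        /^Digests:/       { sect = "dig" }
        sect == "seg"  && $1 == "cipher:" { cipher = $2 }
        sect == "seg"  && $1 == "sector:" { sector = $2 }
        # Only the first keyslot is reported; "Cipher key:" lines do not match "Key:".
        sect == "slot" && $1 == "Key:"   && keybits == "" { keybits = $2 }
        sect == "slot" && $1 == "PBKDF:" && pbkdf == ""   { pbkdf = $2 }
        sect == "dig"  && $1 == "Hash:"  && hash == ""    { hash = $2 }
        END {
            printf "version=%s cipher=%s key_bits=%s sector=%s pbkdf=%s digest_hash=%s\n",
                   version, cipher, keybits, sector, pbkdf, hash
        }'
}

# Constructed, trimmed luksDump output (assumption: not a real device).
# $1 = volume key size in bits.
sample_dump() {
    cat <<EOF
LUKS header information
Version:        2
Data segments:
  0: crypt
        cipher: aes-xts-plain64
        sector: 512 [bytes]
Keyslots:
  0: luks2
        Key:        $1 bits
        Cipher:     aes-xts-plain64
        Cipher key: $1 bits
        PBKDF:      argon2id
        AF hash:    sha256
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

system=$(sample_dump 512 | luks_summary)    # stands in for the installed system
external=$(sample_dump 256 | luks_summary)  # stands in for the external drive
echo "system:   $system"
echo "external: $external"
[ "$system" = "$external" ] && echo "parameters match" || echo "parameters differ"
```

With `aes-xts-plain64`, a 512-bit volume key is split into two 256-bit AES keys, so a difference in `key_bits` is the field to look at first when comparing against a system formatted with `--key-size 512`.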

I’m very grateful to you. Thank you!
