GNU bug report logs - #55723
Full disk encryption with grub-efi and LUKS2

Previous Next

Package: guix;

Reported by: Lars-Dominik Braun <lars <at> 6xq.net>

Date: Mon, 30 May 2022 10:09:01 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Josselin Poiret <dev <at> jpoiret.xyz>
To: Josselin Poiret <dev <at> jpoiret.xyz>, Lars-Dominik Braun <lars <at> 6xq.net>, 55723 <at> debbugs.gnu.org
Subject: bug#55723: [PATCH] doc: Warn about LUKS2-encrypted boot not working with GRUB.
Date: Tue, 31 May 2022 16:36:37 +0200

* doc/guix.texi (Disk Partitioning): Do it.
---
 doc/guix.texi | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 1666466958..c7f6070ced 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -2560,6 +2560,11 @@ for @command{cryptsetup luksFormat}.  You can check which key derivation
 function is being used by a device by running @command{cryptsetup
 luksDump @var{device}}, and looking for the PBKDF field of your
 keyslots.
+
+Note also that having @file{/boot/} reside on a LUKS2-encrypted device
+is currently unsupported because of a GRUB 2.06 bug, see
+@url{https://issues.guix.gnu.org/55723, bug #55723}.  The graphical
+installer defaults to LUKS1 for this reason.
 @end quotation
 
 Assuming you want to store the root partition on @file{/dev/sda2}, the
-- 
2.36.0
This bug report was last modified 3 years and 9 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.