EndeavourOS encrypted partition

GregorTacTac@lemm.ee to Linux@lemmy.ml – 23 points –

I installed endeavourOS 2 days ago and then, the next day, there was a newnrelease of endeavourOS. It's supposed to have better encryption. Is it possible to upgrade encryption on Linux? An unrelated question: is it possible to change the password of an encrypted partition? I'm a beginner, so please explain your magical commands.

7

You are viewing a single comment
View all commentsShow the parent comment

GRUB works just fine with LUKS2 these days. There is no need to switch bootloaders.

Apparently there's still some limitations, according to the Arch Wiki:

  • Initial LUKS2 support was added to GRUB 2.06, but with several limitations that are only partially addressed in GRUB 2.12rc1. See GRUB bug #55093.

  • Since GRUB 2.12rc1, grub-install can create a core image to unlock LUKS2. However, it only supports PBKDF2, not Argon2.

  • Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

There is this patch, although I have not tested it myself. There is always cryptsetup luksAddKey --pbkdf pbkdf2.

That patch looks promising. But I wouldn't recommend PBKDF2, I mean if you're going to go thru the trouble of converting to LUKS2 for stronger encryption, might as well go for Argon2.