EndeavourOS encrypted partition

GregorTacTac@lemm.ee to Linux@lemmy.ml – 23 points –

I installed endeavourOS 2 days ago and then, the next day, there was a newnrelease of endeavourOS. It's supposed to have better encryption. Is it possible to upgrade encryption on Linux? An unrelated question: is it possible to change the password of an encrypted partition? I'm a beginner, so please explain your magical commands.

7

You are viewing a single comment

GRUB works just fine with LUKS2 these days. There is no need to switch bootloaders.

Apparently there's still some limitations, according to the Arch Wiki:

  • Initial LUKS2 support was added to GRUB 2.06, but with several limitations that are only partially addressed in GRUB 2.12rc1. See GRUB bug #55093.

  • Since GRUB 2.12rc1, grub-install can create a core image to unlock LUKS2. However, it only supports PBKDF2, not Argon2.

  • Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

There is this patch, although I have not tested it myself. There is always cryptsetup luksAddKey --pbkdf pbkdf2.

That patch looks promising. But I wouldn't recommend PBKDF2, I mean if you're going to go thru the trouble of converting to LUKS2 for stronger encryption, might as well go for Argon2.