On 2021-12-06, Marc Riedel wrote:
> Please add luks2 module to build-efi-images and please notice in the
> changelog, that only PBKDF2 is currently supported.

I've been poking at this, and grub-efi-amd64-bin 2.06-7 does end up with
luks2.mod on the boot partition, but it fails to load unless I disable
secure boot from EFI.

With secure boot disabled, I was able to manually decrypt a luks2 volume
with cryptomount (when using --pbkdf2 pbkdf2) ... from rough memory:

  insmod luks2
  insmod pbkdf2
  insmod password_pbkdf2
  cryptomount -u UUID
  ls (cryptoN)/

Not entirely sure I actually needed to load pbkdf2 and password_pbkdf2.


So it seems support is needed to make sure the luks2 module is signed
and loaded from grub.cfg when needed...


> *** /tmp/build-efi-images.patch
> --- build-efi-images.orig       2021-12-06 23:47:58.369609691 +0100
> +++ build-efi-images    2021-12-06 23:48:07.717711282 +0100
> @@ -180,6 +180,7 @@
>         gcry_twofish
>         gcry_whirlpool
>         luks
> +       luks2
>         lvm
>         mdraid09
>         mdraid1x
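
Review bot: The added `luks2` line after `luks` carries nothing about the limitation raised in the request, that only PBKDF2 is currently supported, and this patch touches only build-efi-images, so the changelog entry that was asked for is missing. Include the changelog line in the same change, and consider a short comment next to the module list so the restriction is visible where the module is enabled.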

Will this patch fix the signed module issue? Or is that handled some
other way?


live well,
  vagrant
