[oe-commits] [meta-openembedded] 10/16: cryptsetup: set the default luks format to LUKS1

git at git.openembedded.org git at git.openembedded.org
Thu Jul 11 21:01:51 UTC 2019 

This is an automated email from the git hooks/post-receive script.

khem pushed a commit to branch master-next
in repository meta-openembedded.

commit 11ff107a853f9ef6ad31ac6e3ed0f15fb8ada27f
Author: Yi Zhao <yi.zhao at windriver.com>
AuthorDate: Thu Jul 11 15:26:50 2019 +0800

    cryptsetup: set the default luks format to LUKS1
    
    The cryptsetup 2.1 uses LUKS2 format as the default LUKS format. This
    change introduced the following issues:
    
    * LUKS2 requires kernel userspace crypto API to be available
      (CONFIG_CRYPTO_USER_API and CONFIG_CRYPTO_USER_API_SKCIPHER). But
      linux-yocto doesn't enable these options by default. If missing these
      kernel modules, the cryptsetup will fall back to using dmcrypt-device
      for keyslot processing.
    
      $ cryptsetup --debug --type luks luksFormat /dev/sda3
        [snip]
        Checking if cipher aes-xts-plain64 is usable.
        Userspace crypto wrapper cannot use aes-xts-plain64 (-95).
        Using dmcrypt to access keyslot area.
        [snip]
    
    * The grub can not decrypt a LUKS2 encrypted boot partition because it
      doesn't support LUKS2 now.
      See grub bug: https://savannah.gnu.org/bugs/?55093
    
    Add a PACKAGCONFIG for luks format and set the default LUKS format to
    LUKS1. The users can specify '--type luks2' in cryptsetup command line
    if they want to use LUKS2.
    
    Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
---
 meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
index a500b18..deaede8 100644
--- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
@@ -65,6 +65,7 @@ PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
 PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
 PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
 PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
+PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
 
 RRECOMMENDS_${PN} = "kernel-module-aes-generic \
                      kernel-module-dm-crypt \

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list