Hi,

On Mon, 15 Apr 2019 at 22:46:16 +0200, Cyril Brulebois wrote:
> And sorry for the lag. While I understand why one might want to use
> LUKS2, this switch seems to be happening very late in the release cycle…

The discussion started in summer 2018 though. When I objected to ‘partman-crypto/merge_requests/1’ the plan was to default to LUKS2 ready in late 2018, so time for Buster. Sorry for rushing this now. In retrospect a better path would have been to leave ‘--type=luks2’ in d-i, at least for early tests.

> but I haven't spotted anything like that when testing the guided
> encrypted LVM recipe (that's one of the usual tests I run before
> deciding a release can be prepared).

cryptsetup doesn't directly use getrandom() at the moment; instead it open()s /dev/urandom (resp. /dev/random if `--use-random` is set) and read()s from it. Reading from /dev/urandom isn't blocking; unless `--use-random` is set the change won't affect entropy starvation. However getrandom(,16, GRND_NONBLOCK) is used indirectly by libuuid's uuid_generate(). However changing the LUKS version (or downgrading cryptsetup) has no impact here; and FWIW `mkfs` generates UUIDs as well.

Cheers,
--
Guilhem.
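The two entropy paths contrasted in the message above, as an added example that is not part of the original e-mail and is not cryptsetup's or libuuid's code: reading a device node with open()/read(), and a 16-byte getrandom() call with GRND_NONBLOCK. The function names `read_rng_device` and `nonblocking_getrandom` are hypothetical; the example assumes Linux with glibc 2.25 or later.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <unistd.h>

/* Path 1: open() a device node and read() from it. /dev/urandom does not
 * block; /dev/random may. Returns bytes read, or -errno on failure. */
ssize_t read_rng_device(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n < 0 && errno == EINTR)
            continue;                    /* interrupted by a signal: retry */
        if (n <= 0) {
            int err = n < 0 ? errno : EIO;
            close(fd);
            return -err;
        }
        done += (size_t)n;
    }
    close(fd);
    return (ssize_t)done;
}

/* Path 2: getrandom() with GRND_NONBLOCK. It never blocks: if the kernel
 * pool is not yet initialized it fails with EAGAIN (returned as -EAGAIN). */
ssize_t nonblocking_getrandom(unsigned char *buf, size_t len)
{
    ssize_t n = getrandom(buf, len, GRND_NONBLOCK);
    return n < 0 ? -errno : n;
}

int main(void)
{
    unsigned char a[16], b[16];
    ssize_t r1 = read_rng_device("/dev/urandom", a, sizeof a);
    ssize_t r2 = nonblocking_getrandom(b, sizeof b);
    printf("/dev/urandom read():      %zd\n", r1);
    printf("getrandom(GRND_NONBLOCK): %zd%s\n", r2,
           r2 == -EAGAIN ? " (pool not initialized yet)" : "");
    return (r1 == 16 && (r2 == 16 || r2 == -EAGAIN)) ? 0 : 1;
}
```

Run early in boot on an entropy-starved machine, the second path is the one that can return -EAGAIN; neither path stalls the caller.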