On 30/01/2022 20:40, Maxim Fomin wrote:
This patch introduces support for plain encryption mode (plain dm-crypt) via
a new module and command named 'plainmount'. The command allows opening devices
encrypted in plain mode (without LUKS) with the following syntax:
+

...
+#define GRUB_PLAINMOUNT_UUID        "00000000000000000000000000000000"
+#define GRUB_PLAINMOUNT_CIPHER      "aes-cbc-essiv:sha256"
+#define GRUB_PLAINMOUNT_DIGEST      "ripemd160"
+#define GRUB_PLAINMOUNT_KEY_SIZE    256
+#define GRUB_PLAINMOUNT_SECTOR_SIZE 512
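Review bot: The fallback values GRUB_PLAINMOUNT_CIPHER, GRUB_PLAINMOUNT_DIGEST and GRUB_PLAINMOUNT_KEY_SIZE are applied with nothing in these lines to tell the user that a default was used, and a plain-mode volume opened with parameters other than the ones it was created with yields garbage rather than an error. Consider requiring the cipher, hash and key size to be passed explicitly, or at least printing the values in effect when a default is taken. GRUB_PLAINMOUNT_KEY_SIZE and GRUB_PLAINMOUNT_SECTOR_SIZE also carry no unit; a short comment stating bits and bytes respectively would prevent misuse. The all-zero GRUB_PLAINMOUNT_UUID is worth a comment as well, explaining what happens when more than one plain device is opened.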

Sooner or later we will have to change this default in cryptsetup
(as ripemd and CBC mode are no longer the best options) and you
will create data corruption here (as there is no way in plain
mode to check that the mode is set correctly).

Not sure if it is possible, but in a normal system it should be required
that these parameters are set in /etc/crypttab, grub should perhaps
require explicitly setting them in config too?

Milan
