Hi 👋, I wasn't able to use a LUKS2+PBKDF2 encrypted partition when setting up a machine recently. I understand this isn't supported by the version of GRUB currently shipped in Guix.
Basically, with a LUKS2+PBKDF2 drive, you get stuck at boot with no chance for GRUB to detect the relevant partitions. Or, at least, that was my experience with that setup. The Guix manual would indicate that LUKS2 is actually supported, when used in combination with PBKDF2⁰: > Note that GRUB can unlock LUKS2 devices since version 2.06, but only > supports the PBKDF2 key derivation function, which is not the default > for cryptsetup luksFormat. You can check which key derivation function > is being used by a device by running cryptsetup luksDump device, and > looking for the PBKDF field of your keyslots. If I'm right in thinking that LUKS2+PBKDF2 is not supported and there's no clear timeline for a fix yet, could it be worth to amend the manual to say that it has to be LUKS1 at this stage? Glad to amend the manual in case, but I might as well be missing something here, so I wanted to check with you first. Thanks, best wishes, Fabio. ⁰ https://guix.gnu.org/manual/devel/en/html_node/Keyboard-Layout-and-Networking-and-Partitioning.html#Disk-Partitioning -- Fabio Natali https://fabionatali.com
