"Thomas Ieong" <th.ie...@free.fr> writes:

> I remember that some years ago we could not use LUKS 2, has the situation
> improved?

I'm writing this from Guix System installed on an LUKS 2 volume. So,
yes, it works now. GRUB also supports `--pbkdf argon2id` now, so you
don't have to worry about that insecurity [1] anymore.

The problem is that you still need GRUB to decrypt the volume before you
can boot, and GRUB's decryption is really slow (takes over a minute,
versus a few seconds after booting the kernel).

What most distributions do is use something like `ukify` to generate a
bootable UEFI image that includes the required crypto modules. There
is an open patch series that would add this to Guix [2], but it hasn't
been touched in a long time (it was split off from a larger rewrite of
the bootloader subsystem [3], which also hasn't been touched in a
while).

Which is a shame, because this issue was brought up multiple times in
the Guix Survey.

[1] https://yhetil.org/guix/87edoftd1x.fsf@wireframe/
[2] https://yhetil.org/guix/cover.1705465384.git.lilah@lunabee.space/
[3] https://yhetil.org/guix/cover.1727201267.git.her...@rimm.ee/
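
An added example, not part of the original message: one way to check which KDF each keyslot of a LUKS 2 volume uses, so that a slot still on PBKDF2 rather than argon2id stands out. It assumes the JSON metadata printed by `cryptsetup luksDump --dump-json-metadata <device>`; the sample metadata and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of LUKS2 JSON metadata; all values are made up.
SAMPLE_METADATA = """
{
  "keyslots": {
    "0": {"type": "luks2", "key_size": 64,
          "kdf": {"type": "argon2id", "time": 4, "memory": 1048576,
                  "cpus": 4, "salt": "Y29uc3RydWN0ZWQ="}},
    "1": {"type": "luks2", "key_size": 64,
          "kdf": {"type": "pbkdf2", "hash": "sha256",
                  "iterations": 1000000, "salt": "Y29uc3RydWN0ZWQ="}}
  }
}
"""

MEMORY_HARD = {"argon2i", "argon2id"}  # KDF types LUKS2 offers besides pbkdf2


def audit_keyslots(metadata_json):
    """Return (slot, kdf_type, cost_summary, is_memory_hard) for every keyslot."""
    meta = json.loads(metadata_json)
    slots = sorted(meta.get("keyslots", {}).items(), key=lambda kv: int(kv[0]))
    findings = []
    for slot, keyslot in slots:
        kdf = keyslot.get("kdf", {})
        kind = kdf.get("type", "unknown")
        if kind in MEMORY_HARD:
            cost = f"time={kdf.get('time')} memory={kdf.get('memory')} cpus={kdf.get('cpus')}"
        elif kind == "pbkdf2":
            cost = f"hash={kdf.get('hash')} iterations={kdf.get('iterations')}"
        else:
            cost = "n/a"
        findings.append((int(slot), kind, cost, kind in MEMORY_HARD))
    return findings


def non_memory_hard_slots(metadata_json):
    """Keyslot numbers whose KDF is not argon2i/argon2id."""
    return [slot for slot, _, _, hard in audit_keyslots(metadata_json) if not hard]


if __name__ == "__main__":
    # Pass "-" to read real metadata from stdin; otherwise use the sample.
    data = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_METADATA
    for slot, kind, cost, hard in audit_keyslots(data):
        print(f"slot {slot}: {kind:9} {cost} {'' if hard else '<- not memory-hard'}")
    sys.exit(1 if non_memory_hard_slots(data) else 0)
```

Run it as `cryptsetup luksDump --dump-json-metadata /dev/sdXN | python3 check_kdf.py -` (script name and device are placeholders); the exit status is non-zero when any keyslot is not on an Argon2 variant.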
