diff options
author | Alejandro Hernandez Samaniego <alejandro@enedino.org> | 2022-04-28 17:00:12 -0600 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2022-04-28 17:31:15 -0700 |
commit | fc0808e02f8b3b16886068213788b3e6471511ee (patch) | |
tree | b7a1213ac476bd0780657d4021fe14bf386a3435 | |
parent | 525e7c049d093eb666814537cf4c33e575682e84 (diff) | |
download | meta-openembedded-contrib-fc0808e02f8b3b16886068213788b3e6471511ee.tar.gz |
cryptsetup: Add luks2 related PACKAGECONFIGs
Cryptsetup allows for certain luks2 related defaults to be
set for libcryptsetup, these include the default PBKDF
algorithm, memory limit for PBKDF2, parallel threads and
iteration time.
Add these options as PACKAGECONFIGs to cryptsetup while
setting variables defined as the current cryptsetup
defaults, making this change transparent for the user but
allow these knobs to be customized.
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r-- | meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb index 8f9f663a33..7baca98cbe 100644 --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb @@ -44,6 +44,14 @@ PACKAGECONFIG:append:class-target = " \ udev \ " + +# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms) +LUKS2_PBKDF ?= "argon2i" +LUKS2_MEMORYKB ?= "1048576" +LUKS2_PARALLEL_THREADS ?= "4" +LUKS2_ITERTIME ?= "2000" + + PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring" PACKAGECONFIG[fips] = "--enable-fips,--disable-fips" PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality" @@ -69,6 +77,10 @@ PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" +PACKAGECONFIG[luks2-pbkdf] = "--with-luks2-pbkdf=${LUKS2_PBKDF}" +PACKAGECONFIG[luks2-memorykb] = "--with-luks2-memory-kb=${LUKS2_MEMORYKB}" +PACKAGECONFIG[luks2-parallel-threads] = "--with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS}" +PACKAGECONFIG[luks2-itertime] = "--with-luks2-iter-time=${LUKS2_ITERTIME}" EXTRA_OECONF = "--enable-static" # Building without largefile is not supported by upstream |