path: root/meta-python
diff options
authorYi Zhao <yi.zhao@windriver.com>2019-07-11 15:26:50 +0800
committerKhem Raj <raj.khem@gmail.com>2019-07-11 14:01:28 -0700
commit11ff107a853f9ef6ad31ac6e3ed0f15fb8ada27f (patch)
treeac401bcb900731f0448ffdc489252e2ba8c5eb14 /meta-python
parent41f6815e0865b6d1c187a07806dc1f02e40ef45c (diff)
cryptsetup: set the default luks format to LUKS1
The cryptsetup 2.1 uses LUKS2 format as the default LUKS format. This change introduced the following issues: * LUKS2 requires kernel userspace crypto API to be available (CONFIG_CRYPTO_USER_API and CONFIG_CRYPTO_USER_API_SKCIPHER). But linux-yocto doesn't enable these options by default. If missing these kernel modules, the cryptsetup will fall back to using dmcrypt-device for keyslot processing. $ cryptsetup --debug --type luks luksFormat /dev/sda3 [snip] Checking if cipher aes-xts-plain64 is usable. Userspace crypto wrapper cannot use aes-xts-plain64 (-95). Using dmcrypt to access keyslot area. [snip] * The grub can not decrypt a LUKS2 encrypted boot partition because it doesn't support LUKS2 now. See grub bug: https://savannah.gnu.org/bugs/?55093 Add a PACKAGCONFIG for luks format and set the default LUKS format to LUKS1. The users can specify '--type luks2' in cryptsetup command line if they want to use LUKS2. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python')
0 files changed, 0 insertions, 0 deletions