From 4395ba1f645d36fa0a29e63f43d6a14e5c052372 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 24 Feb 2024 08:51:02 -0300 Subject: Fix: hydractl: provision: run cryptsetup mostly with defaults, which nowadays ensures luks2 and argon2id --- share/hydractl/provision | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/share/hydractl/provision b/share/hydractl/provision index 99853f0..783f2ae 100755 --- a/share/hydractl/provision +++ b/share/hydractl/provision @@ -54,13 +54,13 @@ function hydra_cryptsetup { # Run cryptsetup with custom parameters #hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random -y -q luksFormat $1 - # Run cryptsetup mostly with defaults - #hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1 - # GRUB2 from bullseye (or even older) does not support LUKS2, which seems # the default type for luksFormat since bullseye at least # See https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html - hydra_sudo_run cryptsetup --use-random -y -q luksFormat --type luks1 $1 + #hydra_sudo_run cryptsetup --use-random -y -q luksFormat --type luks1 $1 + + # Run cryptsetup mostly with defaults + hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1 fi } -- cgit v1.2.3