From 5d8c13e99c6112f445659bda803f0d86c1e642bb Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 28 Jan 2022 15:37:34 -0300 Subject: Fix: provision: cryptsetup fixes --- share/hydractl/provision | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/share/hydractl/provision b/share/hydractl/provision index bd9303b..54c92e9 100755 --- a/share/hydractl/provision +++ b/share/hydractl/provision @@ -55,7 +55,12 @@ function hydra_cryptsetup { #hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random -y -q luksFormat $1 # Run cryptsetup mostly with defaults - hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1 + #hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1 + + # GRUB2 from bullseye (or even older) does not support LUKS2, which seems + # the default type for luksFormat since bullseye at least + # See https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html + hydra_sudo_run cryptsetup --use-random -y -q luksFormat --type luks1 $1 fi } @@ -638,8 +643,12 @@ aes sha256 EOF - if [ -e "$WORK/etc/cryptsetup-initramfs/conf-hook" ]; then - hydra_sudo_run sed -i -e 's/#CRYPTSETUP=/CRYPTSETUP=y/' $WORK/etc/cryptsetup-initramfs/conf-hook + #if [ -e "$WORK/etc/cryptsetup-initramfs/conf-hook" ]; then + # hydra_sudo_run sed -i -e 's/#CRYPTSETUP=/CRYPTSETUP=y/' $WORK/etc/cryptsetup-initramfs/conf-hook + #fi + + if [ -d "$WORK/etc/initramfs-tools/hooks.d" ]; then + echo "CRYPTSETUP=y" > $WORK/etc/initramfs-tools/hooks.d/cryptsetup.conf fi hydra_sudo_run chroot $WORK update-initramfs -u -- cgit v1.2.3