I installed EndeavourOS 2 days ago and then, the next day, there was a new release of EndeavourOS. It’s supposed to have better encryption. Is it possible to upgrade encryption on Linux? An unrelated question: is it possible to change the password of an encrypted partition? I’m a beginner, so please explain your magical commands.

    • d3Xt3r@lemmy.nz
      1 year ago

      Apparently there are still some limitations, according to the Arch Wiki:

      • Initial LUKS2 support was added to GRUB 2.06, but with several limitations that are only partially addressed in GRUB 2.12rc1. See GRUB bug #55093.

      • Since GRUB 2.12rc1, grub-install can create a core image to unlock LUKS2. However, it only supports PBKDF2, not Argon2.

      • Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

      • 0v0@sopuli.xyz
        1 year ago

        Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

        There is this patch, although I have not tested it myself. There is always cryptsetup luksAddKey --pbkdf pbkdf2.

        • d3Xt3r@lemmy.nz
          1 year ago

          That patch looks promising. But I wouldn’t recommend PBKDF2; I mean, if you’re going to go through the trouble of converting to LUKS2 for stronger encryption, might as well go for Argon2.

    • Skull giver@popplesburger.hilciferous.nl
      1 year ago

      EndeavourOS switched their key derivation function to argon2id, which Grub doesn’t support yet. LUKS2 will work fine, but only with the older PBKDFs, not the one that Endeavour switched to as of a few days ago.

      If OP wants to upgrade their encryption to argon2id to match a fresh Endeavour install, they won’t be able to do it with Grub. That said, if they’re using Grub right now, nothing would’ve changed in terms of security whether they installed last week or today because the Endeavour change only affects systemd-boot installs.
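
To check which PBKDF each keyslot of a LUKS2 volume uses, and so whether GRUB (PBKDF2 only, per the Arch Wiki notes quoted in the thread) could unlock it, the output of `cryptsetup luksDump` can be parsed. This is an added example, not code from any poster in the thread; the function names and the sample dump are constructed for illustration, and it assumes the LUKS2 dump layout.

```shell
#!/usr/bin/env bash
# Constructed, abbreviated `cryptsetup luksDump` output (LUKS2 layout).
# Real output indents with tabs; the parser accepts tabs or spaces.
SAMPLE_DUMP='Version:        2
Keyslots:
  0: luks2
    PBKDF:      argon2id
    Time cost:  4
  1: luks2
    PBKDF:      pbkdf2
    Hash:       sha256
Tokens:
Digests:
  0: pbkdf2
    Hash:       sha256
'

# keyslot_pbkdfs (hypothetical helper): read luksDump text on stdin and
# print "<slot> <pbkdf>" for every keyslot. Only the Keyslots: section is
# read, because the Digests: section always lists pbkdf2 and would
# otherwise be mistaken for a keyslot.
keyslot_pbkdfs() {
  awk '
    /^Keyslots:/ { in_slots = 1; next }
    /^[A-Za-z]/  { in_slots = 0 }        # any other top-level section
    in_slots && /^[ \t]+[0-9]+: / { slot = $1; sub(":", "", slot) }
    in_slots && /^[ \t]+PBKDF:/   { print slot, $2 }
  '
}

# grub_can_unlock (hypothetical helper): succeed if at least one keyslot
# uses pbkdf2, the only PBKDF the thread says GRUB supports.
grub_can_unlock() {
  keyslot_pbkdfs | awk '$2 == "pbkdf2" { ok = 1 } END { exit ok ? 0 : 1 }'
}

# Report for the constructed sample.
printf '%s' "$SAMPLE_DUMP" | keyslot_pbkdfs | while read -r slot kdf; do
  echo "keyslot $slot uses $kdf"
done
if printf '%s' "$SAMPLE_DUMP" | grub_can_unlock; then
  echo "at least one keyslot is PBKDF2: GRUB could unlock this volume"
else
  echo "no PBKDF2 keyslot: GRUB could not unlock this volume"
fi
```

On a real system, pipe `cryptsetup luksDump <device>` (run as root) into these functions instead of the sample. For the original question, `cryptsetup luksChangeKey <device>` changes a passphrase and `cryptsetup luksConvertKey --pbkdf argon2id <device>` re-derives an existing keyslot with a different PBKDF.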