You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
The default LUKS encryption options do not meet the needs of some use cases.
Describe the solution you'd like
Introduce a feature that allows users to specify their encryption preferences through a configuration file, luks_config.conf, which can be edited within the live environment. This would enable users to customize the default settings for cipher, key size, hash algorithm, PBKDF options, and header label according to their specific requirements.
Describe alternatives you've considered
Currently, there appears to be no option to modify the default LUKS settings used by the installer, which restricts users to a one-size-fits-all approach.
Additional context
Security researchers have differing opinions on the "most secure" configuration. Allowing informed users to customize their settings creates a more complex challenge for attackers, enhancing overall security.
The text was updated successfully, but these errors were encountered:
If these options were to be added, from a Calamares perspective, I think they would belong in partition.conf with the other luks-related settings.
Does kpmcore support specifying these options? If it does, this would be fairly easy to implement I think. If not, support would need to be added there first.
I’m new to modifying Calamares and would appreciate any guidance on locating the current LUKS configuration in the source code or any relevant files within the installation environment. Any pointers would be helpful.
They are in the partition module or something that is called from that module.
Unfortunately, that is the most complicated module and a bit of a tough place to start. That being said, you can pretty easily search it for "luks" and find all the places luks-related things are happening.
Is your feature request related to a problem? Please describe.
The default LUKS encryption options do not meet the needs of some use cases.
Describe the solution you'd like
Introduce a feature that allows users to specify their encryption preferences through a configuration file, luks_config.conf, which can be edited within the live environment. This would enable users to customize the default settings for cipher, key size, hash algorithm, PBKDF options, and header label according to their specific requirements.
Describe alternatives you've considered
Currently, there appears to be no option to modify the default LUKS settings used by the installer, which restricts users to a one-size-fits-all approach.
Additional context
Security researchers have differing opinions on the "most secure" configuration. Allowing informed users to customize their settings creates a more complex challenge for attackers, enhancing overall security.
The text was updated successfully, but these errors were encountered: