fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

11K
active users

#luks

8 posts6 participants0 posts today

I just installed Arch manually, but now it fails to boot. It only asks to unlock nvme1n1p1, but not the root, leading to a "failed to find root" error.

fstab seems correct. I suspect the issue is in crypttab.
Does anyone know a good blog post or guide to set it up correctly? I feel like I’m close to solving this.

#ArchLinux #Btrfs #LVM #LUKS #Linux

1/2

that whilst having a too-long-running machine with already unlocked, but where I've /maybe/ forgotten the passphrase (so won't be able to boot it successfully), it's possible to check if I've remembered the passphrase correctly with:

# cryptsetup open --verbose --test-passphrase DEV
Enter passphrase for DEV:
Key slot 0 unlocked.
Command successful.

Okay, this is hella weird…

For quite some time now my Plymouth boot splash has not been showing text prompts when asking for my LUKS passphrase ("Please enter passphrase for device …"). Just the box to type it into.

I've been looking into this again and turns out apparently Plymouth doesn't know which font to choose for the prompt so it just shows… nothing?

I checked and sure enough, the font the Plymouth theme requests is in the initramfs with a generic file name. Logs show me that it's looking for fc-match, which isn't in the initramfs.

Checking with the downstream Arch issue tracker and upstream, a bug was fixed that prevented display of messages because some assumptions about fc-match were false and the fallback should work again.

Except it doesn't for me and I can't figure out what the issue is.

So, checking Arch Wiki again, it says that I can tell Plymouth to use SimpleDRM and… now the prompt is back?! Even if I include fc-match in the initramfs it won't work.

And the boot splash is now 5x as large.

I'm so confused…

GitLabpassword prompt display is broken in 24.004.60 (#2) · Issues · Arch Linux / Packaging / Packages / plymouth · GitLab Description: Since version 24.004.60, the password prompt text (the message "Please enter passphrase for disk ...:" in the screenshots) is no...
#Linux#LUKS#Arch
Replied to Multi Purr Puss :verified:

@platymew An alternative is to use passphrase files or TPM key storage for LUKS autounlocking during boot, then give ZFS the mapped/opened LUKS devices as underlying pool storage. Depending on your use case, this may be perfectly sufficient. For example, it allows for easy rapid decommissioning of drives.

For the general question of whether ZFS can operate on top of LUKS, the simple answer IMO is an unqualified yes. The complexity shows up in secure unlocking.

@tomlawrence

In one of your recent stream VODs, @tomlawrence, someone asked, whether they could run #ZFS on #LUKS - i can answer that; YES*, with an *asterisk.

I did this for quite some time, until i've decided that it's rather inconvenient to type in my password on every reboot. Now, i'm running LUKS on ZVOLs, in #Ubuntu / #qemu / #libvirt.

It's a small home server, and i need a few "privacy insensitive" VMs to auto-start after power-fail.

All one needs is a block dev, zpool create, done! 😉 …technically

"What makes this attack particularly concerning is its practicality in real-world scenarios. Unlike previous attacks against full-disk encryption requiring precise file location knowledge, CrashXTS succeeds through controlled randomization of encrypted data."

Benutzt die #Verschlüsselung unter #Linux nicht auch #XTS?

#AES #LUKS
cyberkendra.com/2025/01/micros

Microsoft Patches Critical BitLocker Vulnerability Enabling Data Extraction
Cyber KendraMicrosoft Patches Critical BitLocker Vulnerability Enabling Data Extraction

⚠️ #Astuce Solus + LUKS ⚠️

Sous Solus, si vous saisissez votre mot de passe LUKS en AZERTY lors de l'installation, au premier démarrage, le clavier sera en QWERTY pour le déverrouillage ! ⌨️Préparez-vous à une petite gymnastique des doigts pour taper votre mot de passe. Cela n'arrive qu'au premier démarrage ! 😅

#Solus#getsol#LUKS
Replied in thread

@x_cli Si tu utilises LUKS avec Clevis (TPM2) sur FCOS et que tu dois effacer le volume, c'est probablement dû à l'option wipe_volume: true par défaut. Ça empêche de garder les données entre les installs. Pour éviter ça, configure LUKS manuellement sans cette directive et assure-toi que Clevis ajoute une nouvelle keyslot sans écraser l'existant. 🚀 #Linux #LUKS #FCOS