That's not strictly true, but near enough for most purposes.
The actual situation is that it is possible for GRUB2 to boot from a LUKS2 formatted device, but it does not support the use of any of the Argon variants unless a non-mainline patch is used. You are 'stuck' with PBKDF2. The key (excuse the pun) point is the use of Argon, not LUKS2, which is necessary, but not sufficient.
Similarly, GRUB will fail to set up the disk correctly as grub-probe fails to recognise LUKS2 headers. You will need to set up a custom grub.cfg that loads the json and luks2 mods, which means that grub can then use LUKS2 formatted headers. If grub updates automatically, the manually crafted grub.cfg will need to be re-made, as it is overwritten with a non-working configuration by the grub update process.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Beware upstream GRUB does not support argon2i / argon2id
Date: 2023-04-19 01:34 pm (UTC)The actual situation is that it is possible for GRUB2 to boot from a LUKS2 formatted device, but it does not support the use of any of the Argon variants unless a non-mainline patch is used. You are 'stuck' with PBKDF2. The key (excuse the pun) point is the use of Argon, not LUKS2, which is necessary, but not sufficient.
Similarly, GRUB will fail to set up the disk correctly as grub-probe fails to recognise LUKS2 headers. You will need to set up a custom grub.cfg that loads the json and luks2 mods, which means that grub can then use LUKS2 formatted headers. If grub updates automatically, the manually crafted grub.cfg will need to be re-made, as it is overwritten with a non-working configuration by the grub update process.
It is a bit of a mess.