Skip to content

Add configurable LUKS format options#129

Open
theoriginalgri wants to merge 1 commit into
hetzneronline:masterfrom
theoriginalgri:configurable-luks-options
Open

Add configurable LUKS format options#129
theoriginalgri wants to merge 1 commit into
hetzneronline:masterfrom
theoriginalgri:configurable-luks-options

Conversation

@theoriginalgri

@theoriginalgri theoriginalgri commented May 21, 2026

Copy link
Copy Markdown

Allow install.conf to override selected cryptsetup luksFormat parameters while preserving the existing defaults. This adds hidden CRYPTTYPE, CRYPTCIPHER, CRYPTKEYSIZE, CRYPTPBKDF, CRYPTPBKDFMEMORY, CRYPTITERTIME, and CRYPTHASH options.

The luksFormat command is now built as an argv array so optional parameters can be added without shell string evaluation.

In my setup this has been used as:

CRYPTPASSWORD <super-secret-password>
CRYPTTYPE luks2
CRYPTCIPHER aes-xts-plain64
CRYPTKEYSIZE 512
CRYPTPBKDF argon2id
CRYPTPBKDFMEMORY 1048576
CRYPTITERTIME 6000
CRYPTHASH sha256

@theoriginalgri
Add configurable LUKS format options
87e40e9 
Allow install.conf to override selected cryptsetup luksFormat parameters while preserving the existing defaults. This adds hidden CRYPTTYPE, CRYPTCIPHER, CRYPTKEYSIZE, CRYPTPBKDF, CRYPTPBKDFMEMORY, CRYPTITERTIME, and CRYPTHASH options.

The luksFormat command is now built as an argv array so optional parameters can be added without shell string evaluation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theoriginalgri