Installing OpenMandriva on LUKS2

Hello,

I just found out that OpenMandriva LX (Rome and also Rock, desktop and arch. irrelevant).
Can not be installed with luks2 since Calamares will install it only with LUKS1 (if you select to encrypt ext4 partition) which is no longer very secure. If you choose LUKS 2 in Calamares it will not ask you for volume password or filesystem type under it and install will fail with error.
Is there any way to install OpenMandriva on LUKS2 partition (preferably also with SHA512 hash) (of course i understand I need to have one unencrypted /boot partition…) ?
So far I tried pre-creating partitions and then running Calamares and setting just mount points, but I had no luck.

If you can help me I would be very glad since this is my only stumbling block with OpenMandriva.

I also noted that other distros using Calamares do not have this problem so perhaps problem just lies in Calamares configuration in OpenMandriva ???
EDIT: They (other distros) also encrypt with LUKS2 by default.

Thanks

3 Likes

Welcome!

I don’t use LUKS, so I have no experience with this one, but we are glad to see you.

Does it help?
LUKS installation in ROME or Rock does not seem to work (Solved) - #6 by ben79

1 Like

No, I already tried this. As I mentioned Calamares simply cannot install on existing LUKS partition (wont even ask for password, and if it is unlocked only pretends to install on it but nothing is written and fails).

1 Like

It appears something similar was reported but the person that reported it opted not to follow up with calamares about any upstream issues:

I know we are addressing issues with LUKS 1 and it may be evaluated at that time to investigate LUKS 2.

1 Like

So, here is what I could find from the upstream that will hopefully shed some light on things:

It appears despite the announcement in 2020 that GNU had these patches they may not have been merged, or the calamares project just isn’t good about closing issues. It only appears that the Nix project chimed in with support by default for LUKS 2. Given that uncertainty I could see how a managerial decision to use LUKS 2 might have been avoided. There were other points made in the Issue that may be of value.

There are several other LUKS issues that could also be perused:

If there is a possibility that this form of encryption is not supported at this time, then it may not be considered. I realize there are probably many other distros using this type of encryption, but we would need people to step up and test this. If you would be willing to do that, then it might be more of a possibility.

Okay, this was why we avoided it:

1 Like

But it is important to note that:
Grub is not a problem if you use un-encrypted /boot and /boot/efi partition and then you can LUKS2 encrypt rest of / without problems with grub.

It works this way on Ubuntu without problems.

1 Like

Okay. If there is a way to enable it without tying it to the boot loader we will investigate configuring that. Would you be willing to test it?

We don’t do things the way Ubuntu does them so it’s not really a valid comparison.

You are a official developer of OpenMandriva ??? Where is your badge ?

So, no. You are not willing to test it.

1 Like

He is, but doesn’t wear a badge.

I am willing to test it :smile: , but you should stop pretending to be a OF. developer

I am willing to test it :smile: , but you should stop pretending to be a OF. developer

Sure thing potatus

2 Likes

I will gladly test it.

2 Likes

You can keep track of the progress here:

2 Likes

I will pay attention and test it to as I need LUKS on my main notebook!

Thanks in advance for the good work!

1 Like