From Fedora Project Wiki

Revision as of 17:18, 21 January 2019 by Bcotton (talk | contribs) (Add trackers)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


Switch cryptsetup default metadata format to LUKS2

Summary

The change switches Fedora system default metadata format for full disk encryption from LUKS1 to LUKS2. It mostly involves cryptsetup package and Anaconda installer so that both creates new LUKS2 containers by default.

Owner

Current status

Detailed Description

The LUKS2 is evolution of current LUKS standard for software full disk encryption. It's enabler for new features: introduces new Argon2 kdf (alongside current PBKDF2) for keyslots, better support for auto-activation, support for wrapped key ciphers (paes cipher), experimental authenticated encryption. Plus coming new features (online-reencryption).

The LUKS2 format is available and supported since cryptsetup release 2.0.0 (included in Fedora 28).

Benefit to Fedora

Scope

  • Proposal owners:

Ensure LUKS2 is declared default in upstream (owner is involved in upstream development). Currently upstream aims for LUKS2 being default in cryptsetup-2.1 (next release). We can switch it even before cryptsetup 2.1 release by overriding the default via configuration switch, but owner would prefer upstream default way.

  • Other developers:

Installer (Anaconda & co) should adapt to the change (and create new LUKS2 containers by default if user selects "encrypted storage" during installation).

  • Policies and guidelines:
  • Trademark approval: N/A

Upgrade/compatibility impact

There should be none with regard to currently supported Fedora distributions. Both Fedora 28 and 29 provides cryptsetup-2.0.6 (at least via updates streams) that is fully compatible with LUKS2 format. LUKS1 stays to be fully supported even with LUKS2 being new default.


How To Test

Basically there will be two areas to test:

  • cryptsetup luksFormat command creates LUKS2 devices by default
  • Anaconda installs on LUKS2 devices by default when users selects "encrypted storage" option.

In general this test plan should not cover bugs related to LUKS2 format itself. Those bugs should be covered by development testsuite shipped with cryptsetup package.


User Experience

The everyday experience should not be affected by the change in any way. The basic LUKS2 operations (open, close, add new keyslots, remove keyslot) is handled via same CLI.

More experienced users gain access to new features with default installation as stated in detailed description.

Dependencies

Currently only Anaconda installer. It would be inconvenient to install Fedora (encrypted storage) using different LUKS format by default if cryptsetup used LUKS2. The contact person is listed among Owners of this change.

Contingency Plan

  • Contingency mechanism: Stay with LUKS1 format as default
  • Contingency deadline: Beta freeze
  • Blocks release? No
  • Blocks product? N/A

Documentation

LUKS2 specification document


Release Notes