Guys, good news! So I compiled GRUB (took the official PKGBUILD and its original patches and combined them with argon_1-5.patches) and the --iter-time 1000 makes LUKS2 + argon2id work on my other laptop (Dell G3 3779)! It only won't work on my Acer Aspire A3 as I mentioned before.
Search Criteria
Package Details: grub-improved-luks2-git 2.12.r10.g04d2a50f3-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/grub-improved-luks2-git.git (read-only, click to copy) |
|---|---|
| Package Base: | grub-improved-luks2-git |
| Description: | GNU GRand Unified Bootloader (2) with Argon2 support. Patch made by Patrick Steinhardt |
| Upstream URL: | https://www.gnu.org/software/grub/ |
| Licenses: | GPL3, CC0 |
| Conflicts: | grub |
| Provides: | grub |
| Submitter: | Ax333l |
| Maintainer: | Ax333l |
| Last Packager: | Ax333l |
| Votes: | 22 |
| Popularity: | 0.74 |
| First Submitted: | 2022-01-02 14:06 (UTC) |
| Last Updated: | 2024-03-09 00:19 (UTC) |
Dependencies (18)
- device-mapper (device-mapper-gitAUR)
- freetype2 (freetype2-gitAUR, freetype2-qdoledAUR, freetype2-macosAUR)
- fuse2
- gettext (gettext-gitAUR)
- autogen (make)
- bdf-unifontAUR (make)
- bison (byacc-bisonAUR, bison-gitAUR) (make)
- git (git-gitAUR) (make)
- help2man (help2man-gitAUR, python-help2manAUR) (make)
- python (python32AUR, python37AUR, python310AUR) (make)
- rsync (rsync-gitAUR, rsync-reflinkAUR, rsync-reflink-gitAUR) (make)
- texinfo (texinfo-gitAUR) (make)
- ttf-dejavu (ttf-dejavu-ibAUR, ttf-dejavu-emojilessAUR) (make)
- dosfstools (dosfstools-gitAUR) (optional) – For grub-mkrescue FAT FS and EFI support
- efibootmgr (efibootmgr-gitAUR) (optional) – For grub-install EFI support
- libisoburn (libisoburn-gitAUR) (optional) – Provides xorriso for generating grub rescue iso using grub-mkrescue
- mtools (mtools-svnAUR) (optional) – For grub-mkrescue FAT FS support
- os-prober (os-prober-btrfsAUR, os-prober-gitAUR) (optional) – To detect other OSes when generating grub.cfg in BIOS systems
Required by (308)
- apple_set_os (requires grub) (optional)
- arch-grub2-theme (requires grub)
- arch-matrix-grub-theme-git (requires grub)
- archiso-git (requires grub)
- archiso-grub-themes (requires grub)
- archuseriso (requires grub)
- bieaz (requires grub)
- bieaz-git (requires grub)
- boo-grub-git (requires grub)
- booty-git (requires grub)
- cryptboot (requires grub)
- cyberpunk-grub-theme-git (requires grub)
- dedsec-grub2-theme (requires grub)
- distro-grub-themes-arch (requires grub)
- distro-grub-themes-endeavouros (requires grub)
- distro-grub-themes-meta (requires grub)
- dracula-grub-theme-git (requires grub)
- endeavouros-galleon-grub (requires grub)
- graphite-grub-theme-default-1080p (requires grub)
- graphite-grub-theme-default-2k (requires grub)
- Show 288 more...
Sources (12)
Mateusz commented on 2023-06-18 15:24 (UTC)
Mateusz commented on 2023-06-18 12:17 (UTC)
I just wanted to let you guys know that using the parameter --iter-time 1000 while formating a partition to LUKS2 does not make it work for me on my Acer Aspire 3 A315-59.
duffydack commented on 2023-06-16 16:19 (UTC) (edited on 2023-06-16 16:51 (UTC) by duffydack)
I wonder what's different on my systems that allows me to use this pkg to unlock encrypted devices without issue. The only custom parameters I use are --iter-time 1000. It uses argon2id as is default according to archwiki. Maybe the iter-time will help
Ax333l commented on 2023-06-16 14:57 (UTC) (edited on 2023-06-16 14:58 (UTC) by Ax333l)
It appears several people cannot successfully unlock argon2 keyslots. This appears to happen because grub cannot successfully allocate enough memory. This is either a bug in UEFI or the grub memory allocator. This also happens to me on my second laptop. I don't have any experience with such memory allocation code, so I have no idea how to fix it myself.
LUKS2 with PBKDF should still work.
Mateusz commented on 2023-06-12 19:34 (UTC)
I have the same situation; I can't mount the volume and I always receive the invalid passphrase message.
rodolfoser commented on 2023-06-12 18:08 (UTC)
i can get to grub rescue shell. With argon2i i cant mount the volume (cryptomount -a). Always receiving Invalid passphrase, no matter if it is the correct or the wrong passphrase.
Insmod argon2 works, so module should be loaded
Mateusz commented on 2023-06-12 17:02 (UTC)
update 1: I took the PKGBUILD from Arch (https://gitlab.archlinux.org/archlinux/packaging/packages/grub) and basically applied the argon[1-5] patch set from this AUR pkg. Unfortunately, I experience the same thing. Does anyone here run a LUKS2 +argon2id setup successfully?
Mateusz commented on 2023-06-11 16:03 (UTC)
Hmmm.. when I ls in the grub recovery shell, I can see the LUKS2 partition showing up as hd0,gpt2. When I try to unlock it manually by running cryptosetup I get the same error.
Ax333l commented on 2023-06-11 16:01 (UTC)
Can either one of you get into the grub shell after the failure? If so, does the encrypted boot partition show up if you run ls? Can you manually unlock it using the cryptomount command?
https://www.gnu.org/software/grub/manual/grub/html_node/cryptomount.html
Mateusz commented on 2023-06-11 14:55 (UTC)
@Ax333l unfortunately, specifying the partUUID instead of UUID of my LUKS2 partition doesn't work either. BTW, I can't use the kernel parameter rd.luks.uuid=LuksUUID because I'm on Artix and I don't use systemd :D
I get the same error as @rodolfoser invalid passphrase error: disk 'cryptouuid/myUUID' not found'
Pinned Comments
Ax333l commented on 2022-02-17 18:58 (UTC) (edited on 2023-06-16 14:24 (UTC) by Ax333l)
I have disabled translations because they have been the cause of build failures in both this package and
grub-git. If you want to re-enable them, check the PKGBUILD.Also, make sure you have installed
base-devel.Argon2 might not work on some devices due to issues with the memory allocator