
Commit 0f13fd2

authored
Merge pull request #121 from apertussolutions/dmcrypt-update
part2: update dm-crypt parameters
2 parents e207496 + 77a8343 commit 0f13fd2


1 file changed

+7
-3
lines changed


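--- a/part2/stages/Functions/install-main
+++ b/part2/stages/Functions/install-main
@@ -222,7 +222,9 @@ install_dom0()
 #
 # config
 #
-cryptsetup -q -i 600 --cipher=aes-xts-plain64 luksFormat ${config_lv} ${RECOVERY_KEY} >&2 || {
+cryptsetup -q --cipher=aes-xts-plain64 --hash sha512 \
+--pbkdf pbkdf2 --pbkdf-force-iterations $(( 1000 * 1000 )) \
+--type luks2 luksFormat ${config_lv} ${RECOVERY_KEY} >&2 || {
 rm -f ${RECOVERY_KEY}
 set +x
 return 1
@@ -254,12 +256,13 @@ install_dom0()
 # prepare lvm directory to store lvm metadata backups.
 do_cmd mkdir -p -m 755 ${DOM0_MOUNT}/config/etc/lvm >&2 || return 1
 
+local CIPHER="--cipher=aes-xts-plain64 --key-size=512"
 #
 # log
 #
 set -x
 local LOG_KEY=$(gen_log_key ${DOM0_MOUNT})
-cryptsetup -q -d ${LOG_KEY} create log /dev/xenclient/log >&2 || {
+cryptsetup -q -d ${LOG_KEY} ${CIPHER} create log /dev/xenclient/log >&2 || {
 set +x
 return 1
 }
@@ -268,10 +271,11 @@ install_dom0()
 # cores
 #
 local CORES_KEY=$(gen_cores_key ${DOM0_MOUNT})
-cryptsetup -q -d ${CORES_KEY} create cores /dev/xenclient/cores >&2 || {
+cryptsetup -q -d ${CORES_KEY} ${CIPHER} create cores /dev/xenclient/cores >&2 || {
 set +x
 return 1
 }
+unset CIPHER
 
 # device key (used to tie encrypted disks to this host)
 local DEVICE_KEY=$(gen_device_key ${DOM0_MOUNT})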
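Review bot: The new `luksFormat` call for the config volume sets `--cipher=aes-xts-plain64` but no `--key-size`, while the `CIPHER` string added for the log and cores mappings pins `--key-size=512`. XTS splits the key in half, so unless this build's compiled-in LUKS default is already 512 bits, the config volume gets AES-128 while the other two get AES-256; adding `--key-size=512` to the luksFormat line would make the three consistent. For the plain-mode `create` calls, cryptsetup takes the key bytes straight from the `-d` file, so it is worth confirming that `gen_log_key` and `gen_cores_key` (not visible here) write at least 64 bytes. Plain mode stores no header, so any code that later re-opens `log` and `cores` presumably has to pass the same cipher and key size. `install_dom0` starts and ends outside these hunks.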
