Hello, folks!
LUKS2 has an awesome feature — AEAD encryption (Authenticated Disk Encryption), which offers the cool secondary benefit of bit rot detection.
I would like to install Debian on LUKS with AEAD to protect the system and data in /var from silent corruption. I have faced bit rot several times throughout my computing experience, and now protection on storage and ECC RAM is a must-have for me.
However, I noticed that the Debian installer lacks LUKS AEAD support. Furthermore, any attempts with reasonable effort to install Debian onto a preconfigured LUKS AEAD setup have not been successful. I also tried to configure at least LUKS with dm-integrity, but this does not work with the Debian installer, even through rescue mode.
From what I recall, the issues seem to be due to missing udebs with the integritysetup binary, along with missing kernel modules for encryption and OpenSSL libraries.
I would like to discuss this before posting bugs, and I'm hoping someone might suggest workarounds. As a temporary workaround until the Debian installer includes LUKS2 AEAD or dm-integrity support, I am considering using Btrfs.
LUKS2 has an awesome feature — AEAD encryption (Authenticated Disk Encryption), which offers the cool secondary benefit of bit rot detection.
I would like to install Debian on LUKS with AEAD to protect the system and data in /var from silent corruption. I have faced bit rot several times throughout my computing experience, and now protection on storage and ECC RAM is a must-have for me.
However, I noticed that the Debian installer lacks LUKS AEAD support. Furthermore, any attempts with reasonable effort to install Debian onto a preconfigured LUKS AEAD setup have not been successful. I also tried to configure at least LUKS with dm-integrity, but this does not work with the Debian installer, even through rescue mode.
From what I recall, the issues seem to be due to missing udebs with the integritysetup binary, along with missing kernel modules for encryption and OpenSSL libraries.
I would like to discuss this before posting bugs, and I'm hoping someone might suggest workarounds. As a temporary workaround until the Debian installer includes LUKS2 AEAD or dm-integrity support, I am considering using Btrfs.
Statistics: Posted by Chaser — 2024-10-29 01:22