|Use 512bit keys in LUKS by default.patch | (download)
2 1 + 1 - 0 !
26 13 + 13 - 0 !
2 files changed, 14 insertions(+), 14 deletions(-)
use 512bit keys in luks by default
This is what Debian FDE does and what was suggested in the
We need to adapt the tests because AES only supports 256bit keys
and only the XTS mode splits the 512bit key into two parts.
(cherry picked from commit 9dc4e2463860810cac5a1dbfb7064c47200260f6)
|Use existing cryptsetup API for changing keyslot passphra.patch | (download)
40 9 + 31 - 0 !
3 3 + 0 - 0 !
2 files changed, 12 insertions(+), 31 deletions(-)
use existing cryptsetup api for changing keyslot passphrase
Instead of manually removing the keyslot and adding new a one.
Our old code also doesn't work in FIPS mode.
(cherry picked from commit 34ed7becf4536ee1277175abdf47c075f340af61)