Backport from v2022dev0 to v2021pre: Add PBKDF Memory support during update bundle encryption (!311) · Merge requests · infrastructure / apertis-image-recipes

Emanuele Aina requested to merge wip/em/v2021pre-backports into apertis/v2021pre Nov 13, 2020

The Password-Based Key Derivation Function (PBKDF) memory cost is computed (through a bnechmark) during encrypted bundle creation. This value is used during decryption to allocate memory and can be too large on small devices, preventing to unlock with following errors:

# Trying to open LUKS2 keyslot 0.
# Keyslot 0 (luks2) open failed with -12.
…
Command failed with code -3 (out of memory).

PHP RFC recommends to use a power of 2 when changing the memory cost value, see https://wiki.php.net/rfc/argon2_password_hash and https://github.com/P-H-C/phc-winner-argon2/blob/master/README.md.

Fix it to 64M.

Admin message

Backport from v2022dev0 to v2021pre: Add PBKDF Memory support during update bundle encryption

Merge request reports