Is your feature request related to a problem? Please describe.
Older key derivation functions are considered insecure and we should try to make sure that LUKS encrypted disks get their keys automatically updated on update.
This is particularly of interest for Silverblue/Kinoite/Sericea as this is a common LUKS encrypted disk setup with a password on laptops.
This will only work for LUKS setups where we can guarantee that we can re-enter the key of all keyslots or that we can ask the user to re-enter all keys.
It might be really hard to do non-interactively on Silverblue. Documentation might be the best option.
Is your feature request related to a problem? Please describe.
Older key derivation functions are considered insecure and we should try to make sure that LUKS encrypted disks get their keys automatically updated on update.
See https://mjg59.dreamwidth.org/66429.html
This is particularly of interest for Silverblue/Kinoite/Sericea as this is a common LUKS encrypted disk setup with a password on laptops.
This will only work for LUKS setups where we can guarantee that we can re-enter the key of all keyslots or that we can ask the user to re-enter all keys.
It might be really hard to do non-interactively on Silverblue. Documentation might be the best option.
See discussion for FCOS: https://github.com/coreos/fedora-coreos-tracker/issues/1474