From f850d140d7902e3b03ca545bbd419e0a9ed8f30e Mon Sep 17 00:00:00 2001 From: Alejandro Enedino Hernandez Samaniego Date: Tue, 3 May 2022 11:53:30 -0600 Subject: cryptsetup: Add luks2 configure options defaults Cryptsetup allows for certain luks2 related defaults to be set for libcryptsetup, these include the default PBKDF algorithm, memory limit for Argon2, parallel threads and iteration time. Set default variables defined to the same values currently coming from cryptsetup upstream, making this change transparent for the user but allow these values to be customized. Signed-off-by: Alejandro Enedino Hernandez Samaniego Signed-off-by: Khem Raj --- meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'meta-oe/recipes-crypto') diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb index 8f9f663a33..435b554777 100644 --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb @@ -70,6 +70,7 @@ PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" + EXTRA_OECONF = "--enable-static" # Building without largefile is not supported by upstream EXTRA_OECONF += "--enable-largefile" @@ -78,6 +79,17 @@ EXTRA_OECONF += "--disable-static-cryptsetup" # There's no recipe for libargon2 yet EXTRA_OECONF += "--disable-libargon2" +# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms) +LUKS2_PBKDF ?= "argon2i" +LUKS2_MEMORYKB ?= "1048576" +LUKS2_PARALLEL_THREADS ?= "4" +LUKS2_ITERTIME ?= "2000" + +EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \ + --with-luks2-memory-kb=${LUKS2_MEMORYKB} \ + --with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \ + --with-luks2-iter-time=${LUKS2_ITERTIME}" + FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" RDEPENDS:${PN} = " \ -- cgit v1.2.3-54-g00ecf