Description of problem: The anaconda storage selection offers to unlock AEAD luks partitions, but after that step just fails to do anything with them and just shows them as not editable or manageable. Even blivet-gui fails to make use of them. This also affects rawhide. Version-Release number of selected component (if applicable): How reproducible: Always. Steps to Reproduce: 1. Prepare a drive for installation with /boot partition, and another you manually setup as whatever. 2. The second partition should be formatted with: cryptsetup luksFormat --type luks2 --key-size 256 --sector-size 4096 --cipher chacha20-random --integrity poly1305 --pbkdf argon2id --hash sha512 --pbkdf-memory 16384 --pbkdf-parallel 4 --verify-passphrase --iter-time 5000 /dev/sdX OR cryptsetup luksFormat --type luks2 --key-size 256 --sector-size 4096 --cipher xchacha20,aes-adiantum-plain64 --integrity hmac-sha512 --pbkdf argon2id --hash sha512 --pbkdf-memory 16384 --pbkdf-parallel 4 --verify-passphrase --iter-time 5000 /dev/sdX 3. Unlock the luks container in anaconda trying to use it as / for the install. Observe it fail do to so. Actual results: Anaconda should be able to handle dm-integrity using luks2 containers. Expected results: Anaconda cannot make use of the container. Additional info:
upstream PR: https://github.com/storaged-project/blivet/pull/786
(In reply to Vojtech Trefny from comment #1) > upstream PR: https://github.com/storaged-project/blivet/pull/786 Just as a forewarning, this will propably also affect integritysetup-created partitions: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity#configuration-using-integritysetup (Just the integrity, sans the crypto) Once released, i dont know if they'll use the same identifier. Also, is the bug still active for anaconda? Not sure if this also needs changes on any other layers of storaged to work with the non-blivet manual partitioning or other software relying on it like cockpit.
> Just as a forewarning, this will propably also affect integritysetup-created partitions This should be ok, the problem here was with the "extra layer" added by the integrity DM device (we were expecting the unlocked device to be child of the partition). But I'll test this. > Also, is the bug still active for anaconda? No, the fix for blivet fixes the issue for anaconda custom partitioning too, no changes in the UI were needed -- both blivet-gui and anaconda custom partitioning use blivet for storage management.