From 563f3accbec3223d1ea4cbe6a17ae4b1c4b87ad4 Mon Sep 17 00:00:00 2001 From: inference Date: Fri, 27 Jun 2025 19:05:30 +0000 Subject: [PATCH] update: file "dmcrypt" "3.0.0" > "4.0.0" --- aa-00-00/dmcrypt | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/aa-00-00/dmcrypt b/aa-00-00/dmcrypt index d2cda3f..f7d3721 100644 --- a/aa-00-00/dmcrypt +++ b/aa-00-00/dmcrypt @@ -1,22 +1,28 @@ -# Inferencium - aa000-0 +# Inferencium - aa-00-00 # dm-crypt - Configuration -# Version: 3.0.0 +# Version: 4.0.0 # Copyright 2023 Jake Winters # SPDX-License-Identifier: BSD-3-Clause # Global -## How long to wait for each timeout (in seconds) +## How long to wait for each timeout (seconds) dmcrypt_key_timeout="1" ## Max number of checks to perform (see dmcrypt_key_timeout) #dmcrypt_max_timeout="300" -# Number of password retries +## Number of password retries dmcrypt_retries="5" - -# swap -## These should come first so no keys make their way into unencrypted swap. +# Swap (list first to prevent key leakage into unencrypted swap) +## In the case of a swap partition, create the filesystem, beforehand, and add an offset to the cryptsetup swap options +## below so the PARTUUID is not overwritten by cryptsetup and can be used as the source device. +## If using AES-XTS as the cipher, a key size of double the target security level should be used as XTS mode splits the +## key size, making a key size of 512 bits effectively 256 bits (AES-256), and a key size of 256 bits effectively 128 +## bits (AES-128). +## For ephemeral swap which has a randomly-generated, per-boot key, set the key file as /dev/urandom; all data will be +## irreversibly lost on system shutdown or reboot. Note that using ephemeral swap prevents hibernation to the target +## swap partition. swap="swap" source="PARTUUID=[REDACTED]" options="--offset 2048 --cipher aes-xts-plain64 --key-size 512 --key-file /dev/urandom"
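Review bot: The new swap comment says the offset is there so that "the PARTUUID is not overwritten by cryptsetup", but a PARTUUID is stored in the partition table rather than inside the partition, so cryptsetup writing to the partition does not touch it. The identifiers that the create-a-filesystem-plus-`--offset` technique protects are the filesystem UUID and LABEL at the start of the partition. With `source="PARTUUID=..."` as shown in the context lines, the source is already stable across boots, and the comment may lead a reader to treat PARTUUID as the fragile identifier or to drop the offset after switching to UUID/LABEL. I would reword it along the lines of `## If the source is referenced by filesystem UUID or LABEL, create the filesystem beforehand and add an offset so it is` / `## not overwritten by cryptsetup; a PARTUUID is stored in the partition table and is unaffected.` This matters because, as the comment itself notes, the target is re-keyed from /dev/urandom and its data is irreversibly lost, so a source that resolves to the wrong device is destructive.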