Hi Ludwig,

On Wed, 12 Nov 2025 at 05:56, Nussel, Ludwig via Concept <concept@u-boot.org> wrote:
On Tue, 2025-11-11 at 05:41 -0700, Simon Glass wrote:
From: Simon Glass <simon.glass@canonical.com>
Modern systems mostly use LUKSv2 as it is more secure than v1. This series provides an implementation of this feature, making use of the existing 'luks unlock' command.
Are you sure adding luks to u-boot is a good idea? I'm curious about your use case as seeing the patches brings up bad memories of grub for me :-) I thought the learning from that was to reduce duplicating code in the bootloader and leave fancy stuff like disk encryption and advanced file system features to Linux. IOW load signed but unencrypted kernel and initrd and handle the rest in Linux userspace.
The use case is really just trying to avoid needing to start an initrd just to unlock the disk. It means that people select the OS and then (later) have to enter the key in a very different context.

With the unlock in firmware we can start Linux without an initrd. We can also provide a unified UI, e.g. enter the unlock key directly in the boot menu. It isn't for everyone, but I believe it has value.

For advanced filesystems, yes we should leave that to Linux. We have an ext4 boot partition with the OS, so that should be enough.

I actually don't know much about the grub issue (more a user than a developer on that!) Can you give a few details?

Regards,
Simon
cu Ludwig
--
 (o_   Ludwig Nussel
 //\   Siemens AG / SI E R&D IOT
 V_/_  www.siemens.com