[Concept] [PATCH 00/15] luks: Provide support for LUKSv2

11 Nov 2025

      From: Simon Glass <simon.glass@canonical.com>

Modern systems mostly use LUKSv2 as it is more secure that v1. This
series provides an implementation of this feature, making use of the
existing 'luks unlock' command.

One interesting part of this series is a converter from JSON to FDT, so
that U-Boot's existing ofnode interface can be used to access the
hierarchical data in JSON text. This obviously results in quite a bit
of new code, but it is more robust than trying to parse the text
directly using strstr(), etc. The choice of JSON for LUKS was presumably
made with larger code bases in mind, rather than a firmware
implementation.

Simon Glass (15):
  mbedtls: Allow use of XTS functions
  mbedtls: Allow use of base64
  test: Check for null string in assert functions
  json: Provide a way to convert JSON to FDT
  lib: Bring in argon2 library
  lib: Adapt argon2 library for U-Boot
  lib: Plumb in argon2 library
  test: Shorten the encrypt_passphrase parameter for FsHelper
  test: Add a way to create a LUKS2 partition with XTS
  test: Switch mmc12 over to use argon2id
  luks: Export the af_merge() function
  luks: Tidy up the code style in the block driver
  luks: Provide an implementation of luks2
  luks: Enable LUKSv2 support in the luks command
  luks: Update docs and tests for LUKSv2

 cmd/luks.c                           |   5 +-
 configs/sandbox_defconfig            |   4 +-
 doc/usage/cmd/luks.rst               |  42 +-
 doc/usage/luks.rst                   | 302 +++++++--
 drivers/block/Makefile               |   2 +-
 drivers/block/luks.c                 | 233 +++++--
 drivers/block/luks2.c                | 974 +++++++++++++++++++++++++++
 drivers/block/luks_internal.h        |  43 ++
 drivers/misc/Kconfig                 |   2 +-
 fs/btrfs/Kconfig                     |   2 +-
 include/argon2.h                     | 448 ++++++++++++
 include/json.h                       |  34 +
 include/luks.h                       |   4 +-
 include/test/ut.h                    |  28 +-
 lib/Kconfig                          |  14 +-
 lib/Makefile                         |   4 +
 lib/argon2/Makefile                  |  10 +
 lib/argon2/argon2_wrapper.c          | 469 +++++++++++++
 lib/argon2/blake2/blake2-impl.h      | 156 +++++
 lib/argon2/blake2/blake2.h           |  90 +++
 lib/argon2/blake2/blake2b.c          | 391 +++++++++++
 lib/argon2/blake2/blamka-round-ref.h |  57 ++
 lib/argon2/core.c                    | 616 +++++++++++++++++
 lib/argon2/core.h                    | 229 +++++++
 lib/argon2/ref.c                     | 195 ++++++
 lib/json.c                           | 612 ++++++++++++++++-
 lib/mbedtls/Makefile                 |   5 +
 lib/mbedtls/mbedtls_def_config.h     |   8 +
 test/boot/luks.c                     |  29 +
 test/lib/json.c                      | 337 ++++++++-
 test/py/img/common.py                |   9 +-
 test/py/img/ubuntu.py                |   6 +-
 test/py/tests/fs_helper.py           |  52 +-
 test/py/tests/test_ut.py             |   3 +-
 34 files changed, 5256 insertions(+), 159 deletions(-)
 create mode 100644 drivers/block/luks2.c
 create mode 100644 drivers/block/luks_internal.h
 create mode 100644 include/argon2.h
 create mode 100644 lib/argon2/Makefile
 create mode 100644 lib/argon2/argon2_wrapper.c
 create mode 100644 lib/argon2/blake2/blake2-impl.h
 create mode 100644 lib/argon2/blake2/blake2.h
 create mode 100644 lib/argon2/blake2/blake2b.c
 create mode 100644 lib/argon2/blake2/blamka-round-ref.h
 create mode 100644 lib/argon2/core.c
 create mode 100644 lib/argon2/core.h
 create mode 100644 lib/argon2/ref.c

-- 
2.43.0

base-commit: 39a81c884d1750071549da405fc5fdfe1f1270c9
branch: sece