Blonging for Freedom/ experiencing life again

Blonging for Freedom ? ~ *

Myself

This is Alexandre Oliva's personal blog, that does not necessarily represent the opinions held by FSFLA, FSF, AdaCore or any other organization the author may be or may have been associated with, or even by myself, as of now or ever.

See also my home page, where I share my speeches, and follow me on the Fediverse, where I post other thoughts.

I'm also lxo in the GNU Jami P2P network and on IRC (libera.chat, oftc.net, techrights.org), and I have a Tox ID.

This blog has different entries in Portuguese, Spanish, and perhaps in other languages. Its commit history is at <git://git.lx.oliva.nom.br/blog>.

Legal matters

The following catch-all copyright notice and permission apply to all documents and postings in this blog that don't contain a copyright notice of their own, and whose copyright can be reasonably assumed to be held by Alexandre Oliva.

Copyright 2007-2025 Alexandre Oliva

Permission is granted to make and distribute verbatim copies of this entire document worldwide without royalty, provided the copyright notice, the document's official URL, and this permission notice are preserved.

The following licensing terms also apply to all documents and postings in this blog that don't contain a copyright notice of their own, or that contain a notice equivalent to the one above, and whose copyright can be reasonably assumed to be held by Alexandre Oliva.

This work is licensed under the Creative Commons License BY-SA (Attribution ShareAlike) 3.0 Unported. To see a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

Anti-piracy policy

Please do not attack ships, especially while visiting this site!

Continuing the near death experience saga, I have some good news to share.

The failing disk resisted resyncing too hard, and eventually I gave up. I got a new one, put it in place, set up an encrypted LVM, synced up the raid1 subvolume, lowered anxiety, installed grub on the disk, and there!, I still had an unbootable system without the flash drive I'd set up to boot it up.

Further investigation revealed that this is a known limitation of GNU GRUB 2.06 on Trisquel 11 (and also on GNUboot 0.1rc1), when it comes to decrypting LUKS2 volumes with argon2id PBKDF.

(Side conclusion: unlike my earlier claim, I mustn't have tested booting up with only the external disk plugged in: unlike the much older internal disk, the external one had been created with LUKS2 Argon2ID, so there's no chance whatsoever that the test would have succeeded.)

Adding a pbkdf2 key to both encrypted volumes enabled GNUboot to decrypt them.

Rebuilding grub2-2.12 from the upcoming Trisquel release seems to have enabled at least grub-probe to recognize the LUKS2 volumes and create a reasonable-looking grub.cfg that attempts to cryptomount them both. I'm yet to reboot to test it, but I expect it to succeed at decrypting them as well, using the PBKDF2 key, and then I'll be back to easy reboots with SEABIOS loading GNU GRUB from the disk.

Hopefully future releases of Trisquel, and of GNUboot, will integrate existing improvements for GNU GRUB that enable LUKS2 Argon2ID support.

So blong,