Device specific LUKS2 provisioning attributes for IDP. A device layer may use these to describe preferences for its LUKS2 encrypted volumes. Values are passed through to libcryptsetup. See https://gitlab.com/cryptsetup/cryptsetup and cryptsetup(8). Downstream layer implementation-dependent.
Declares (prefix: device):
| Variable | Description | Default | Validation | Policy |
|---|---|---|---|---|
IGconf_device_luks2_cipher |
The cipher specification for LUKS2 creation. |
aes-xts-plain64
|
Non-empty string value | lazy |
IGconf_device_luks2_hash |
The hash algorithm used for LUKS2 metadata integrity. |
sha256
|
Non-empty string value | lazy |
IGconf_device_luks2_keysize |
The LUKS2 encryption key size in bits. |
256
|
Must be one of: 128, 256, 512 | lazy |
File: rpi/device/provisioning/luks2.yaml
Type: static