Does GnuBoot support argon2id?
Hi all. I saw this photo (attached a screenshot) I wanted to clarify that GnuBoot currently supports encryption with argon2id?
Sorry the photo is so big, I don't see the edit button
I am a translator!
Until mainline GRUB supports argon2id, it seems unlikely that GRUB in GNU boot supports it. However, a better place to ask would be #gnuboot on libera.chat.
Hello Avron. Thank you very much for your detailed answer.
gnuboot does not currently support argon2, because they still use GRUB 2.06 and have not patched it; GRUB 2.12 doesn't either, but libreboot and canoeboot patch it to support argon2.
GRUB (upstream) is planning to replace its crypto libraries in the (near? far?) future to include it, but I'm told that it won't be until GRUB 2.14 likely, until GRUB has argon2.
My source is: Danier Kiper, on grub-devel mailing list, when I proposed merging the PHC argon2 patches that libreboot uses. Daniel is the leading developer of GRUB.
Adrien of gnuboot has told me himself that gnuboot policy is to avoid heavily patching upstream projects, and defer to upstream, so they probably won't have argon2 soon. Adrien told me that on the gnuboot-patches mailing list. Or mighht have been Denis.
Their policy is in sharp contrast to canoeboot; in Canoeboot and Libreboot, between all the upstreams, I sometimes have hundreds of patches out-of-tree. Currently it's about 150 between them all.
PS: canoeboot did a release today and also adds NVMe support to GRUB, which may benefit KGPE-D16 users with PCI-E adapters cards for that:
https://canoeboot.org/news/canoeboot20240612.html
and canoeboot supports argon2, so you can unlock luks2 partitions just fine.