Investigating how to change LUKS (possible past LUKS weakness)

Oh, I wasn’t aware of that. Thank you for letting me know. I’ve revoked admin and moderator status from this account, so it should be possible to ignore and mute me now.

Despite the usual expectations from upstream Linux distros, the Qubes Project should consider addressing this as an acute need on its own with a ‘fixer’ script. And since the case has been made that there’s nothing really Qubes-specific here, such a solution can be made generally available (for whatever distro) as a way to promote mind-share and goodwill.

A good way to do it might be to find the overlap between blkid output and what’s in /etc/crypttab, then list those /dev paths and give a Y/N prompt to proceed. Afterward, scan the cryptsetup luksDump output to make sure the volumes are set to argon2id. The script could then cycle back to offer to convert LUKS volumes that were not listed in crypttab.

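The read-only half of the check proposed in the post above, as an added example that is not part of the original thread or any Qubes script: it finds the LUKS devices that appear in both blkid output and /etc/crypttab, then reads cryptsetup luksDump text to flag headers that are not LUKS2 with argon2id on every keyslot. The function names and sample text are constructed for illustration, and it assumes crypttab names its sources by UUID= or by /dev path.

```python
import re

# Constructed sample command output; not taken from a real system.
BLKID = '''/dev/sda1: UUID="1111-AAAA" TYPE="vfat"
/dev/sda2: UUID="aaaa-01" TYPE="crypto_LUKS"
/dev/sdb1: UUID="bbbb-02" TYPE="crypto_LUKS"
'''
CRYPTTAB = "# name source keyfile options\nluks-root UUID=aaaa-01 none discard\n"
DUMP = '''Version:        2
Keyslots:
  0: luks2
\tPBKDF:      argon2id
  1: luks2
\tPBKDF:      pbkdf2
'''

def luks_by_uuid(blkid_text):
    """UUID -> /dev path for each crypto_LUKS line of blkid output."""
    found = {}
    for line in blkid_text.splitlines():
        tags = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if tags.get("TYPE") == "crypto_LUKS" and "UUID" in tags:
            found[tags["UUID"]] = line.split(": ", 1)[0]
    return found

def in_crypttab(blkid_text, crypttab_text):
    """LUKS /dev paths from blkid that crypttab names by UUID= or by path."""
    by_uuid = luks_by_uuid(blkid_text)
    rows = (l.split() for l in crypttab_text.splitlines())
    srcs = [f[1] for f in rows if len(f) >= 2 and not f[0].startswith("#")]
    wanted = {by_uuid.get(s[5:]) if s.startswith("UUID=") else s for s in srcs}
    return sorted(d for d in by_uuid.values() if d in wanted)

def keyslot_kdfs(dump):
    """{slot: PBKDF} read from the Keyslots section of luksDump output."""
    kdfs, section, slot = {}, "", None
    for line in dump.splitlines():
        if line[:1].strip():                      # unindented line = new section
            section = line.split(":")[0]
        elif section == "Keyslots" and (m := re.match(r"\s+(\d+): ", line)):
            slot = int(m.group(1))
        elif section == "Keyslots" and (m := re.match(r"\s+PBKDF:\s+(\S+)", line)):
            kdfs[slot] = m.group(1)
    return kdfs

def needs_conversion(dump):
    """True unless the header is LUKS2 and every keyslot uses argon2id."""
    luks2 = re.search(r"^Version:\s*2\s*$", dump, re.M)
    return not (luks2 and set(keyslot_kdfs(dump).values()) == {"argon2id"})
```

A header is reported per keyslot because a volume with one argon2id slot and one leftover pbkdf2 slot is only as strong as the weaker slot.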

What scenarios would those be?

Is it when users don’t install on bare metal but VM Qubes itself onto another hypervisor?