Administration/pmbootstrap-meow
2
0
Fork 0
forked from Mirror/pmbootstrap
Code Pull requests Activity Actions

pmb.config.cipher: set default to aes-xts-plain64 (MR 1958)

Browse source 
Replace aes-cbc-plain64 with the stronger cipher aes-xts-plain64.
CONFIG_CRYPTO_XTS is necessary for this, so require it in
"pmbootstrap kconfig check".

Related: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#5-security-aspects
This commit is contained in:
Oliver Smith 2020-07-08 16:14:15 +02:00
parent ec71670f20
commit 05c013536d
No known key found for this signature in database
GPG key ID: 5AE7F5513E0885CB
6 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
test/testdata/kconfig_check/bad-array-missing-some-options vendored
View file

@ -29,6 +29,7 @@ CONFIG_SYSVIPC=y
CONFIG_VT=y
CONFIG_UEVENT_HELPER=y
CONFIG_LBDAF=y
CONFIG_CRYPTO_XTS=y
CONFIG_EXT4_FS=y
CONFIG_SQUASHFS=y
CONFIG_SQUASHFS_XZ=y