lvm-luks-4.ks.in

%ksappend repos/default.ks
network --bootproto=dhcp

bootloader --timeout=1
zerombr
clearpart --all --initlabel

# Test LUKS 2 with argon2i and options --pbkdf-iterations and --pbkdf-memory.

reqpart
part /boot --fstype="ext4" --size=1024
part pv.1 --fstype="lvmpv" --size=8915

volgroup fedora pv.1

logvol / --name=root --vgname=fedora --fstype="ext4" --grow --size=1024 --encrypted --passphrase="passphrase" --luks-version=luks2 --pbkdf=argon2i --pbkdf-iterations=4 --pbkdf-memory=64
logvol swap --name=swap --vgname=fedora --fstype="swap" --size=1023

keyboard us
lang en
timezone America/New_York
rootpw qweqwe
shutdown

%packages
%end

%post

# Set the crypted device.
crypted="/dev/mapper/fedora-root"

# Check the PBKDF.
result="$(cryptsetup luksDump ${crypted} | awk '{ if ($1 == "PBKDF:") print $2; }' )"

if [[ "$result" != "argon2i" ]] ; then
    echo "*** unexpected PBKDF for ${crypted}: ${result}" >> /root/RESULT
fi

# Check the iterations.
result="$(cryptsetup luksDump ${crypted} | awk '{ if ($1 == "Time" && $2 == "cost:") print $3; }' )"

if [[ "$result" != "4" ]] ; then
    echo "*** unexpected iterations for ${crypted}: ${result}" >> /root/RESULT
fi

# Check the memory.
result="$(cryptsetup luksDump ${crypted} | awk '{ if ($1 == "Memory:") print $2; }' )"

if [[ "$result" != "64" ]] ; then
    echo "*** unexpected memory for ${crypted}: ${result}" >> /root/RESULT
fi

# The test was successful.
if [ ! -e /root/RESULT ]; then
    echo SUCCESS > /root/RESULT
fi

%end