gentoo-config-luks2-grub-systemd: Update for GRUB 2.12

content/en/collections/gentoo-config-luks2-grub-systemd/_index.md

@@ -30,14 +30,12 @@ articles in this collection.
 
 ## Caveats and Disclaimers
 
-- This tutorial depends on **unofficial modifications** to GRUB 2.06.  The
-  patches for these modifications are from staged commits for the next GRUB
-  release, the [grub-devel mailing list][grub-devel-archive], and a modified
-  GRUB package on the [Arch User Repository (AUR)][arch-wiki-aur].  Although
-  these patches have been tested by myself and have not exhibited any issues so
-  far, and they presumably have also been tested by their original authors,
+- This tutorial depends on **unofficial modification** to GRUB.  The patch for
+  the modification is from the [grub-devel mailing list][grub-devel-archive].
+  Although the patch has been tested by myself and has not exhibited any issues
+  so far, and it presumably has also been tested by their original authors,
   reviewers, testers, and some other users too, there is **no guarantee** on
-  the modifications' functionality, stability, compatibility, security, or
+  the modification's functionality, stability, compatibility, security, or
   performance whatsoever.
 
 - This tutorial gives **no professional advice on computer security**.
@@ -58,4 +56,3 @@ my best to make the information in this tutorial accurate, but still, **use it
 at your own risk**.
 
 [grub-devel-archive]: https://lists.gnu.org/archive/html/grub-devel/
-[arch-wiki-aur]: https://wiki.archlinux.org/title/Arch_User_Repository

content/en/collections/gentoo-config-luks2-grub-systemd/goals.md

@@ -46,7 +46,7 @@ following configuration:
     - A Btrfs volume with one or more subvolumes
     - An LVM physical volume with one or more logical volumes
 
-- **GRUB 2.06** is used as the bootloader.
+- **GRUB** is used as the bootloader.
 - **systemd** is used as the init system.
 - **dracut** is used as the initramfs generator.
   - An initramfs is required for this configuration because unlocking the LUKS

content/en/collections/gentoo-config-luks2-grub-systemd/setup-process/configure-gentoo/packages.md

@@ -4,7 +4,8 @@ weight: 332
 vars:
   patches_base_url: "res/collections/gentoo-config-luks2-grub-systemd"
   memregion_patch: "4500-grub-2.06-runtime-memregion-alloc.patch"
-  argon2_patch: "5000-grub-2.06-luks2-argon2-v4.patch"
+  argon2_patch_206: "5000-grub-2.06-luks2-argon2-v4.patch"
+  argon2_patch_212: "grub-2.12-luks2-argon2-v4.patch"
   aur_patch: "9500-grub-AUR-improved-luks2.patch"
 ---
 
@@ -35,59 +36,118 @@ USE flag must be disabled so `cryptsetup` can be built into the initramfs by
 dracut, or else the LUKS partition could not be unlocked during boot.
 {.notice--success}
 
-## Add Patches for GRUB 2.06
+## Add Patches for GRUB
+
+Neither GRUB 2.12 nor GRUB 2.06 supports the Argon2id PBKDF; GRUB 2.06 even has
+more limitations on LUKS2 support.  Therefore, both GRUB 2.12 and GRUB 2.06
+need some patch for LUKS2 with Argon2id support.
+
+### GRUB 2.12
+
+GRUB 2.12 only needs one patch [`{{< param vars.argon2_patch_212 >}}`]({{<
+patchesBaseURL.inline >}}{{- relURL .Page.Params.vars.patches_base_url -}}
+{{< /patchesBaseURL.inline >}}/{{< param vars.argon2_patch_212 >}}) to get
+support for LUKS2 with Argon2.  This patch was originally [submitted to the
+grub-devel mailing list][grub-devel-argon2-v4] and targeted GRUB 2.06; I ported
+it to GRUB 2.12, and it still works.
+
+This patch has not been merged into GRUB, nor is it likely to be merged in the
+future.  The patch's author [commented][grub-2.12-argon2] that, after the patch
+had been created, one dependency of GRUB gained Argon2 support, so the best way
+to add Argon2 support to GRUB became upgrading that dependency in GRUB's source
+tree.  What the patch does instead is adding the Argon2 reference
+implementation to GRUB, which has become redundant after the said dependency's
+new version would also add Argon2 support.
+
+To apply this patch to Gentoo's GRUB package -- `sys-boot/grub`, add it as a
+[Portage user patch][gentoo-wiki-etc-portage-patches] to
+`/etc/portage/patches/sys-boot/grub-2.12`.  Patches at this location are
+applied to all Gentoo revisions of GRUB 2.12 (`-r1`, `-r2`, etc.).  The
+following commands may be used to do this:
 
-GRUB 2.06 has [limited support for LUKS2][arch-wiki-grub-luks2].  Although code
-implementing partial LUKS2 support exists in this version, the bootloader files
-installed using the default procedure do not support LUKS2.  Argon2id is not
-supported at all in this version either.
+{{< commands.inline >}}
+{{ $content := `# mkdir -p /etc/portage/patches/sys-boot/grub-2.12
+# cd /etc/portage/patches/sys-boot/grub-2.12
+` }}
+{{- $patches := slice
+    .Page.Params.vars.argon2_patch_212
+}}
+{{- range $patches }}
+{{- $url := printf "%s/%s" $.Page.Params.vars.patches_base_url . | absURL }}
+{{- $content = print $content "# curl -O " $url | println }}
+{{- end }}
+{{- highlight $content "console" }}
+{{< /commands.inline >}}
+
+Readers who are interested in learning more about Portage's user patch feature
+are welcome to read [another article on this website][portage-user-patches]
+that discusses it in depth.
+{.notice--success}
+
+Because this patch modifies the file `grub-core/Makefile.core.def`, according
+to the [`sys-boot/grub` ebuild][ebuild-sys-boot:grub], the `GRUB_AUTOGEN` and
+`GRUB_AUTORECONF` environment variables must be set.  **Otherwise, any builds
+of the package with the patch applied would fail.**  The environment variable
+can be set exclusively for all Gentoo revisions of `sys-boot/grub-2.12` in file
+`/etc/portage/env/sys-boot/grub-2.12`:
+
+```console
+# mkdir -p /etc/portage/env/sys-boot
+# echo -e 'GRUB_AUTOGEN=1\nGRUB_AUTORECONF=1' >> /etc/portage/env/sys-boot/grub-2.12
+```
+
+[grub-devel-argon2-v4]: https://lists.gnu.org/archive/html/grub-devel/2021-08/msg00027.html
+[grub-2.12-argon2]: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00094.html
+[gentoo-wiki-etc-portage-patches]: https://wiki.gentoo.org/wiki//etc/portage/patches
+[portage-user-patches]: {{< relref "2021-03-01-portage-user-patches" >}}
+[ebuild-sys-boot:grub]: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-boot/grub/grub-2.12.ebuild?id=76418694270557b6feb75381912a39569ee28d45#n6
+
+### GRUB 2.06
+
+GRUB 2.06's support for LUKS2 is [more limited][arch-wiki-grub-luks2].
+Although code implementing partial LUKS2 support exists in this version, the
+bootloader files installed using the default procedure do not support LUKS2.
 
 Luckily, after applying the following patches to GRUB 2.06, LUKS2 support can
 be added to the installed bootloader files automatically, and Argon2id is
 supported too.
 
-- [`{{< param vars.memregion_patch >}}`]({{< patchesBaseURL.inline >}}
-{{- relURL .Page.Params.vars.patches_base_url -}}
-{{< /patchesBaseURL.inline >}}/{{< param vars.memregion_patch >}}): A patch set
-  that allows GRUB to allocate new consecutive and large memory chunks, which
-  is a prerequisite for Argon2 support in GRUB.  Argon2 enhances the security
-  of LUKS by increasing the size of memory required for unlocking computations,
-  so GRUB must be able to allocate more memory when needed.  This patch set was
-  cherry-picked from [changes staged for the next GRUB
-  release][grub-git-memregion-patch].
-
-- [`{{< param vars.argon2_patch >}}`]({{< patchesBaseURL.inline />}}/{{< param
-  vars.argon2_patch >}}): The patch set that adds Argon2 support itself to
-  GRUB.  It was [submitted to the grub-devel mailing
-  list][grub-devel-argon2-v4], but the GRUB project's maintainers have not
-  responded with regards to it yet.
+- [`{{< param vars.memregion_patch >}}`]({{< patchesBaseURL.inline />}}/{{<
+  param vars.memregion_patch >}}): A patch set that allows GRUB to allocate new
+  consecutive and large memory chunks, which is a prerequisite for Argon2
+  support in GRUB.  Argon2 enhances the security of LUKS by increasing the size
+  of memory required for unlocking computations, so GRUB must be able to
+  allocate more memory when needed.  This patch set was cherry-picked from
+  [GRUB 2.12][grub-git-memregion-patch].
+
+- [`{{< param vars.argon2_patch_206 >}}`]({{< patchesBaseURL.inline />}}/{{<
+  param vars.argon2_patch_206 >}}): The patch set that adds Argon2 support
+  itself to GRUB.  This patch is equivalent to the only patch needed for GRUB
+  2.12 mentioned above.
 
 - [`{{< param vars.aur_patch >}}`]({{< patchesBaseURL.inline />}}/{{< param
   vars.aur_patch >}}): A patch [included][aur-git-grub-install-luks2-patch] in
   the [`grub-improved-luks2-git`][aur-grub-improved-luks2-git] package on the
   AUR, which is what the Arch Wiki's GRUB article recommends for users seeking
-  great LUKS2 support in GRUB.  This patch allows the `grub-install` command to
-  automatically install bootloader files with LUKS2 support.
+  great LUKS2 support in GRUB.  This patch allows GRUB 2.06's `grub-install`
+  command to automatically install bootloader files with LUKS2 support.
 
 The numbers in front of the patches' file names are there only to control the
 order in which they are applied (patches with a smaller ordinal are applied
 first).  As long as the order is maintained, these numbers' values are
 arbitrary.
 {.notice--info}
 
-To apply these patches to Gentoo's GRUB package -- `sys-boot/grub`, add them as
-[Portage user patches][gentoo-wiki-etc-portage-patches] to
-`/etc/portage/patches/sys-boot/grub-2.06`.  Patches at this location are
-applied to all Gentoo revisions of GRUB 2.06 (`-r3`, `-r4`, etc.).  The
-following commands may be used to do this:
+Similar to the case of GRUB 2.12, add these patches as Portage user patches to
+`/etc/portage/patches/sys-boot/grub-2.06`:
 
 {{< commands.inline >}}
 {{ $content := `# mkdir -p /etc/portage/patches/sys-boot/grub-2.06
 # cd /etc/portage/patches/sys-boot/grub-2.06
 ` }}
 {{- $patches := slice
     .Page.Params.vars.memregion_patch
-    .Page.Params.vars.argon2_patch
+    .Page.Params.vars.argon2_patch_206
     .Page.Params.vars.aur_patch
 }}
 {{- range $patches }}
@@ -97,32 +157,18 @@ following commands may be used to do this:
 {{- highlight $content "console" }}
 {{< /commands.inline >}}
 
-Readers who are interested in learning more about Portage's user patch feature
-are welcome to read [another article on this website][portage-user-patches]
-that discusses it in depth.
-{.notice--success}
-
-Because the patch set for Argon2 support modifies the file
-`grub-core/Makefile.core.def`, according to the [`sys-boot/grub`
-ebuild][ebuild-sys-boot:grub], the `GRUB_AUTOGEN` environment variable must be
-set.  **Otherwise, any builds of the package with the patch set applied would
-fail.**  The environment variable can be set exclusively for all Gentoo
-revisions of `sys-boot/grub-2.06` in file
+Then, add the required environment variables to
 `/etc/portage/env/sys-boot/grub-2.06`:
 
 ```console
 # mkdir -p /etc/portage/env/sys-boot
-# echo 'GRUB_AUTOGEN=1' >> /etc/portage/env/sys-boot/grub-2.06
+# echo -e 'GRUB_AUTOGEN=1\nGRUB_AUTORECONF=1' >> /etc/portage/env/sys-boot/grub-2.06
 ```
 
 [arch-wiki-grub-luks2]: https://wiki.archlinux.org/title/GRUB#LUKS2
 [grub-git-memregion-patch]: https://git.savannah.gnu.org/cgit/grub.git/log/?qt=range&q=8afa5ef45..1df293482
-[grub-devel-argon2-v4]: https://lists.gnu.org/archive/html/grub-devel/2021-08/msg00027.html
 [aur-grub-improved-luks2-git]: https://aur.archlinux.org/packages/grub-improved-luks2-git
 [aur-git-grub-install-luks2-patch]: https://aur.archlinux.org/cgit/aur.git/tree/grub-install_luks2.patch?h=grub-improved-luks2-git&id=27612416769e544d2c08d29932fff69129cb143a
-[gentoo-wiki-etc-portage-patches]: https://wiki.gentoo.org/wiki//etc/portage/patches
-[portage-user-patches]: {{< relref "2021-03-01-portage-user-patches" >}}
-[ebuild-sys-boot:grub]: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-boot/grub/grub-2.06-r4.ebuild?id=56e6e30263e56771de876c0e053561a54fd19ed1#n13
 
 ## New Installation Only: Initialize Portage