I just tried out systemd-boot. What I noticed, it doesn't ask for my decryption password to decrypt both my LUKS2 encrypted root and swap partition. This kinda defeats the purpose of encrypted drives. How do I have systemd-boot forget and never again remember my credentials? For the installation, I just installed systemd-boot. Afterward I had to uncomment the timeout option in /boot/efi/loader/loader.conf so I would get the selection screen, but I didn't make any other modifications. So what exactly is missing? Adding to that, resume from hibernate doesn't seem to work.
Resume is included in the options line in the
/boot/efi/loader/entries files, it's also enabled in
initramfs-tools, yet after powering on after hibernating, I'm not
greeted with where I left off. PS: by any chance does anybody know if systemd-boot supports Argon2 KDF for LUKS2? I only know that Grub2 doesn't (yet), but it's difficult to find the specific documentation on systemd-boot. |