football

Files

Charles N Wyble 5b01cfd71b feat: add Argon2id KDF configuration for LUKS2 (FINDING-005)

Debian partman-crypto does not support preseed configuration for KDF
type, defaulting to PBKDF2. PRD requires Argon2id for its superior
resistance to GPU-based attacks.

Solution: Post-install hook that creates:
- /usr/local/bin/convert-luks-kdf.sh: User-runnable script to convert
  PBKDF2 to Argon2id with proper parameters (memory=1GB, parallelism=4)
- /etc/profile.d/knel-kdf-reminder.sh: Login reminder until conversion
- Updated /var/backups/keys/README.txt with conversion instructions

Tests added (3 new):
- Argon2id KDF configuration hook or script exists
- KDF conversion helper script is created
- User receives notification about KDF optimization

Reference: docs/PRD.md encryption requirements
Audit: FINDING-005 (2026-02-20)

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

2026-02-20 11:00:23 -05:00

build-iso_comprehensive_test.bats

fix: pin all package versions for reproducible builds (FINDING-006)

2026-02-20 10:54:34 -05:00

desktop-environment_test.bats

test: expand integration tests and add unit tests for hooks

2026-02-19 17:41:08 -05:00

encryption-setup_test.bats

feat: add Argon2id KDF configuration for LUKS2 (FINDING-005)

2026-02-20 11:00:23 -05:00

encryption-validation_test.bats

fix: standardize username to 'football' in all hooks (FINDING-008)