Add interface to change LUKS iteration time (#3634)

* Added User Interface to change iteration time for LUKS encryption * removing unneessary try catch and imports * used the same constant in luks.py file * fixed issue with error firing in default value * fixed ruf preview warnings * preview even if its default value. (iter_time) * check encryption type is not non before showing iter_time * using _real_input with input_vp instead of _current_text * proper check for enc_type * added Interation time to outer menu preview * removed (ms) from title. so that we don't need to translate "Iteration time" and "iteration time (ms)". * a comment slipped in. this was not supposed to be in this pull * fixed comparison str with EncryptionType
2025-06-30 01:11:24 +00:00 · 2025-06-30 01:11:24 +00:00 · b3b00aa00f
parent 19459731ad
commit b3b00aa00f
8 changed files with 118 additions and 9 deletions
--- a/archinstall/lib/disk/device_handler.py
+++ b/archinstall/lib/disk/device_handler.py
@ -14,6 +14,7 @@ from ..exceptions import DiskError, SysCallError, UnknownFilesystemFormat
 from ..general import SysCommand, SysCommandWorker
 from ..luks import Luks2
 from ..models.device_model import (
 	DEFAULT_ITER_TIME,
 	BDevice,
 	BtrfsMountOption,
 	DeviceModification,
@ -308,6 +309,7 @@ class DeviceHandler:
 		mapper_name: str | None,
 		enc_password: Password | None,
 		lock_after_create: bool = True,
 		iter_time: int = DEFAULT_ITER_TIME,
 	) -> Luks2:
 		luks_handler = Luks2(
 			dev_path,
@ -315,7 +317,7 @@ class DeviceHandler:
 			password=enc_password,
 		)
-		key_file = luks_handler.encrypt()
+		key_file = luks_handler.encrypt(iter_time=iter_time)
 		self.udev_sync()
@ -346,7 +348,7 @@ class DeviceHandler:
 			password=enc_conf.encryption_password,
 		)
-		key_file = luks_handler.encrypt()
+		key_file = luks_handler.encrypt(iter_time=enc_conf.iter_time)
 		self.udev_sync()
--- a/archinstall/lib/disk/disk_menu.py
+++ b/archinstall/lib/disk/disk_menu.py
@ -3,6 +3,7 @@ from typing import override
 from archinstall.lib.disk.encryption_menu import DiskEncryptionMenu
 from archinstall.lib.models.device_model import (
 	DEFAULT_ITER_TIME,
 	BtrfsOptions,
 	DiskEncryption,
 	DiskLayoutConfiguration,
@ -255,12 +256,15 @@ class DiskLayoutConfigurationMenu(AbstractSubMenu[DiskLayoutConfiguration]):
 			return tr('LVM disk encryption with more than 2 partitions is currently not supported')
 		if enc_config:
-			enc_type = EncryptionType.type_to_text(enc_config.encryption_type)
+			enc_type = enc_config.encryption_type
-			output = tr('Encryption type') + f': {enc_type}\n'
+			output = tr('Encryption type') + f': {EncryptionType.type_to_text(enc_type)}\n'
 			if enc_config.encryption_password:
 				output += tr('Password') + f': {enc_config.encryption_password.hidden()}\n'
 			if enc_type != EncryptionType.NoEncryption:
 				output += tr('Iteration time') + f': {enc_config.iter_time or DEFAULT_ITER_TIME}ms\n'
 			if enc_config.partitions:
 				output += f'Partitions: {len(enc_config.partitions)} selected\n'
 			elif enc_config.lvm_volumes:
--- a/archinstall/lib/disk/encryption_menu.py
+++ b/archinstall/lib/disk/encryption_menu.py
@ -11,13 +11,13 @@ from archinstall.lib.models.device_model import (
 	PartitionModification,
 )
 from archinstall.lib.translationhandler import tr
-from archinstall.tui.curses_menu import SelectMenu
+from archinstall.tui.curses_menu import EditMenu, SelectMenu
 from archinstall.tui.menu_item import MenuItem, MenuItemGroup
 from archinstall.tui.result import ResultType
 from archinstall.tui.types import Alignment, FrameProperties
 from ..menu.abstract_menu import AbstractSubMenu
-from ..models.device_model import Fido2Device
+from ..models.device_model import DEFAULT_ITER_TIME, Fido2Device
 from ..models.users import Password
 from ..output import FormattedOutput
 from ..utils.util import get_password
@ -65,6 +65,14 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
 				preview_action=self._preview,
 				key='encryption_password',
 			),
 			MenuItem(
 				text=tr('Iteration time'),
 				action=select_iteration_time,
 				value=self._enc_config.iter_time,
 				dependencies=[self._check_dep_enc_type],
 				preview_action=self._preview,
 				key='iter_time',
 			),
 			MenuItem(
 				text=tr('Partitions'),
 				action=lambda x: select_partitions_to_encrypt(self._device_modifications, x),
@ -120,6 +128,7 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
 		enc_type: EncryptionType | None = self._item_group.find_by_key('encryption_type').value
 		enc_password: Password | None = self._item_group.find_by_key('encryption_password').value
 		iter_time: int | None = self._item_group.find_by_key('iter_time').value
 		enc_partitions = self._item_group.find_by_key('partitions').value
 		enc_lvm_vols = self._item_group.find_by_key('lvm_volumes').value
@ -140,6 +149,7 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
 				partitions=enc_partitions,
 				lvm_volumes=enc_lvm_vols,
 				hsm_device=self._enc_config.hsm_device,
 				iter_time=iter_time or DEFAULT_ITER_TIME,
 			)
 		return None
@ -153,6 +163,9 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
 		if (enc_pwd := self._prev_password()) is not None:
 			output += f'\n{enc_pwd}'
 		if (iter_time := self._prev_iter_time()) is not None:
 			output += f'\n{iter_time}'
 		if (fido_device := self._prev_hsm()) is not None:
 			output += f'\n{fido_device}'
@ -214,6 +227,15 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
 		output += f' ({fido_device.manufacturer}, {fido_device.product})'
 		return f'{tr("HSM device")}: {output}'
 	def _prev_iter_time(self) -> str | None:
 		iter_time = self._item_group.find_by_key('iter_time').value
 		enc_type = self._item_group.find_by_key('encryption_type').value
 		if iter_time and enc_type != EncryptionType.NoEncryption:
 			return f'{tr("Iteration time")}: {iter_time}ms'
 		return None
 def select_encryption_type(
 	device_modifications: list[DeviceModification],
@ -354,3 +376,42 @@ def select_lvm_vols_to_encrypt(
 				return volumes
 	return []
 def select_iteration_time(preset: int | None = None) -> int | None:
 	header = tr('Enter iteration time for LUKS encryption (in milliseconds)') + '\n'
 	header += tr('Higher values increase security but slow down boot time') + '\n'
 	header += tr(f'Default: {DEFAULT_ITER_TIME}ms, Recommended range: 1000-60000') + '\n'
 	def validate_iter_time(value: str | None) -> str | None:
 		if not value:
 			return None
 		try:
 			iter_time = int(value)
 			if iter_time < 100:
 				return tr('Iteration time must be at least 100ms')
 			if iter_time > 120000:
 				return tr('Iteration time must be at most 120000ms')
 			return None
 		except ValueError:
 			return tr('Please enter a valid number')
 	result = EditMenu(
 		tr('Iteration time'),
 		header=header,
 		alignment=Alignment.CENTER,
 		allow_skip=True,
 		default_text=str(preset) if preset else str(DEFAULT_ITER_TIME),
 		validator=validate_iter_time,
 	).input()
 	match result.type_:
 		case ResultType.Skip:
 			return preset
 		case ResultType.Selection:
 			if not result.text():
 				return preset
 			return int(result.text())
 		case ResultType.Reset:
 			return None
--- a/archinstall/lib/disk/filesystem.py
+++ b/archinstall/lib/disk/filesystem.py
@ -287,6 +287,7 @@ class FilesystemHandler:
 					vol.mapper_name,
 					enc_config.encryption_password,
 					lock_after_create,
 					iter_time=enc_config.iter_time,
 				)
 				enc_vols[vol] = luks_handler
@ -317,6 +318,7 @@ class FilesystemHandler:
 						part_mod.mapper_name,
 						enc_config.encryption_password,
 						lock_after_create=lock_after_create,
 						iter_time=enc_config.iter_time,
 					)
 					enc_mods[part_mod] = luks_handler
--- a/archinstall/lib/luks.py
+++ b/archinstall/lib/luks.py
@ -7,6 +7,7 @@ from subprocess import CalledProcessError
 from types import TracebackType
 from archinstall.lib.disk.utils import get_lsblk_info, umount
 from archinstall.lib.models.device_model import DEFAULT_ITER_TIME
 from .exceptions import DiskError, SysCallError
 from .general import SysCommand, SysCommandWorker, generate_password, run
@ -76,7 +77,7 @@ class Luks2:
 		self,
 		key_size: int = 512,
 		hash_type: str = 'sha512',
-		iter_time: int = 10000,
+		iter_time: int = DEFAULT_ITER_TIME,
 		key_file: Path | None = None,
 	) -> Path | None:
 		debug(f'Luks2 encrypting: {self.luks_dev_path}')
--- a/archinstall/lib/models/device_model.py
+++ b/archinstall/lib/models/device_model.py
@ -19,6 +19,7 @@ from ..models.users import Password
 from ..output import debug
 ENC_IDENTIFIER = 'ainst'
 DEFAULT_ITER_TIME = 10000
 class DiskLayoutType(Enum):
@ -1471,6 +1472,7 @@ class _DiskEncryptionSerialization(TypedDict):
 	partitions: list[str]
 	lvm_volumes: list[str]
 	hsm_device: NotRequired[_Fido2DeviceSerialization]
 	iter_time: NotRequired[int]
@dataclass
@ -1480,6 +1482,7 @@ class DiskEncryption:
 	partitions: list[PartitionModification] = field(default_factory=list)
 	lvm_volumes: list[LvmVolume] = field(default_factory=list)
 	hsm_device: Fido2Device | None = None
 	iter_time: int = DEFAULT_ITER_TIME
 	def __post_init__(self) -> None:
 		if self.encryption_type in [EncryptionType.Luks, EncryptionType.LvmOnLuks] and not self.partitions:
@ -1504,6 +1507,9 @@ class DiskEncryption:
 		if self.hsm_device:
 			obj['hsm_device'] = self.hsm_device.json()
 		if self.iter_time != DEFAULT_ITER_TIME:  # Only include if not default
 			obj['iter_time'] = self.iter_time
 		return obj
 	@classmethod
@ -1559,6 +1565,9 @@ class DiskEncryption:
 		if hsm := disk_encryption.get('hsm_device', None):
 			enc.hsm_device = Fido2Device.parse_arg(hsm)
 		if iter_time := disk_encryption.get('iter_time', None):
 			enc.iter_time = iter_time
 		return enc
--- a/archinstall/locales/base.pot
+++ b/archinstall/locales/base.pot
@ -959,6 +959,33 @@ msgstr ""
 msgid "Encryption type"
 msgstr ""
 msgid "Iteration time"
 msgstr ""
 msgid "Enter iteration time for LUKS encryption (in milliseconds)"
 msgstr ""
 msgid "Higher values increase security but slow down boot time"
 msgstr ""
 msgid "Default: 10000ms, Recommended range: 1000-60000"
 msgstr ""
 msgid "Iteration time"
 msgstr ""
 msgid "Iteration time cannot be empty"
 msgstr ""
 msgid "Iteration time must be at least 100ms"
 msgstr ""
 msgid "Iteration time must be at most 120000ms"
 msgstr ""
 msgid "Please enter a valid number"
 msgstr ""
 msgid "Partitions"
 msgstr ""
--- a/archinstall/tui/curses_menu.py
+++ b/archinstall/tui/curses_menu.py
@ -566,7 +566,10 @@ class EditMenu(AbstractCurses[str]):
 				entry = ViewportEntry(err, 0, 0, STYLE.ERROR)
 				self._info_vp.update([entry], 0)
 				self._set_default_info = False
-				self._real_input = ''
+
 				if self._hide_input:
 					self._real_input = ''
 				return None
 		return text
@ -586,7 +589,7 @@ class EditMenu(AbstractCurses[str]):
 			if self._set_default_info and self._info_vp:
 				self._info_vp.update([self._only_ascii_text], 0)
-			self._input_vp.edit(default_text=self._current_text)
+			self._input_vp.edit(default_text=self._real_input)
 	@override
 	def kickoff(self, win: curses.window) -> Result[str]: