Open
Description
Is your feature request related to a problem? Please describe.
Older key derivation functions are considered insecure and we should try to make sure that LUKS encrypted disks get their keys automatically updated on update.
See https://mjg59.dreamwidth.org/66429.html
This is particularly of interest for Silverblue/Kinoite/Sericea as this is a common LUKS encrypted disk setup with a password on laptops.
This will only work for LUKS setups where we can guarantee that we can re-enter the key of all keyslots or that we can ask the user to re-enter all keys.
It might be really hard to do non-interactively on Silverblue. Documentation might be the best option.
See discussion for FCOS: coreos/fedora-coreos-tracker#1474