[pkg-cryptsetup-devel] Bug#927165: debian-installer: improve support for LUKS

Roger Shimizu rosh at debian.org
Sun Jun 30 06:50:32 BST 2019

On Tue, Jun 11, 2019 at 12:06 AM Guilhem Moulin <guilhem at debian.org> wrote:
> Hi there,
> On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> >>> One could argue that cryptodisk support has never been supported by
> >>> d-i anyway,
> >>
> >> Yup, and I suppose that's why I overlooked this in my mail to
> >> debian-boot :-P  Jonathan Carter had a similar report last week
> >>
> >> https://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/2019-April/008196.html
> >
> > While I'm usually fine to dismiss some bug reports as “it's unsupported,
> > sorry”, making users' life harder doesn't seem really reasonable… :/
> During last week's gathering at MiniDebConf Hamburg we (cryptsetup package
> maintainer + KiBi) talked and came up with the following guide/notes:
>     https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

Thank for the above doc, which is quite easy understanding and straightforward!
I didn't notice this until it's mentioned by release announcement of
D-I RC2 [1].

I confirmed with /boot set up in LUKS1, everything works fine.
It‘d configure non encrypted /boot when in D-I, then after finishing
D-I, and reboot to system, manually make LUKS1 for /boot partition.

However, I found adding:
  GRUB_PRELOAD_MODULES="luks cryptodisk"
to /etc/default/grub is not necessary.
is the only setting need to append manually.
(/etc/fstab /etc/crypttab need to be edited for sure)

Thanks again for your effort on the guide/notes above!

[1] https://lists.debian.org/debian-devel-announce/2019/06/msg00005.html
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

More information about the pkg-cryptsetup-devel mailing list