Bug#927165: debian-installer: improve support for LUKS
Cyril Brulebois
kibi at debian.org
Mon Jul 1 03:21:46 BST 2019
Hi Roger,
Roger Shimizu <rosh at debian.org> (2019-06-30):
> On Tue, Jun 11, 2019 at 12:06 AM Guilhem Moulin <guilhem at debian.org> wrote:
> >
> > Hi there,
> >
> > On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> > >>> One could argue that cryptodisk support has never been supported by
> > >>> d-i anyway,
> > >>
> > >> Yup, and I suppose that's why I overlooked this in my mail to
> > >> debian-boot :-P Jonathan Carter had a similar report last week
> > >>
> > >> https://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/2019-April/008196.html
> > >
> > > While I'm usually fine to dismiss some bug reports as “it's unsupported,
> > > sorry”, making users' life harder doesn't seem really reasonable… :/
> >
> > During last week's gathering at MiniDebConf Hamburg we (cryptsetup package
> > maintainer + KiBi) talked and came up with the following guide/notes:
> >
> > https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
>
> Thank for the above doc, which is quite easy understanding and straightforward!
> I didn't notice this until it's mentioned by release announcement of
> D-I RC2 [1].
>
> I confirmed with /boot set up in LUKS1, everything works fine.
> It‘d configure non encrypted /boot when in D-I, then after finishing
> D-I, and reboot to system, manually make LUKS1 for /boot partition.
Thanks for letting us know you appreciate it.
Guilhem, any chance I could trick you into adding a pointer from the
installation-guide to your documentation? It would be an extra string
for translators to deal with, but that might be added to unstable and
then backported at a later point to buster once translators have had a
chance to catch up.
I was meaning to do that before closing this bug report (#927165) but
I didn't manage to get to that in the past weeks due to a little hiccup
after the mini-DebConf in HH.
> However, I found adding:
> GRUB_PRELOAD_MODULES="luks cryptodisk"
> to /etc/default/grub is not necessary.
> GRUB_ENABLE_CRYPTODISK=y
> is the only setting need to append manually.
> (/etc/fstab /etc/crypttab need to be edited for sure)
>
> Thanks again for your effort on the guide/notes above!
>
> [1] https://lists.debian.org/debian-devel-announce/2019/06/msg00005.html
From my limited tests, it seemed that GRUB_ENABLE_CRYPTODISK=y was
indeed sufficient.
Cheers,
--
Cyril Brulebois (kibi at debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20190701/134d1bb2/attachment.sig>
More information about the Pkg-grub-devel
mailing list