I am affected by this as well. Googling shows people experimenting with workarounds - creating an additional unencrypted /boot partition independent of the unencrypted EFI partition.
This is overly complicated when the subsequent install workflow already does the correct thing - in creating a /boot partition and kernel/initrd/grub on the EFI partition. One just needs to be able to hint that the EFI/fat32 partition will be used for /boot, or else simply let the user 'continue' the installation, rather than have both 'go-back' and 'continue' return to the same menu.

On Mon, 26 Dec 2016 18:02:28 +0100 Pali Rohár <pali.ro...@gmail.com> wrote:
> Package: debian-installer
> Severity: normal
>
> Dear Maintainer,
>
> Debian installer refuses to let me install the entire system (including /boot) on
> one encrypted partition. It shows me this red fatal error message:
>
>   [!!] Partition disks
>
>   Encryption configuration failure
>
>   You have selected the root file system to be stored on an encrypted partition. This
>   feature requires a separate /boot partition on which the kernel and initrd can be stored.
>
>   You should go back and setup a /boot partition.
>
> There are two buttons <Go Back> and <Continue> but both buttons go
> back and refuse to continue...
>
> Then I tried to have separate /boot and separate / partitions, both
> LUKS encrypted. But Debian installer again refused to install such a
> configuration. It shows me another red fatal error message:
>
>   [!!] Partition disks
>
>   Encrypted configuration failure
>
>   You have selected the /boot file system to be stored on an encrypted partition. This is
>   not possible because the boot loader would be unable to load the kernel and initrd.
>   Continuing now would result in an installation that cannot be used.
>
>   You should go back and choose a non-encrypted partition for the /boot file system.
>
> Again there are two buttons: <Go Back> and <Continue> and again both go
> back and do not allow me to process changes and continue.
>
> And that error message is incorrect. Grub2 already has support for
> accessing LUKS partitions. Just add GRUB_ENABLE_CRYPTODISK=y (or in
> older versions GRUB_CRYPTODISK_ENABLE=y) to /etc/default/grub.
>
> Debian installer should allow users to install the system on a fully
> encrypted disk (also with /boot) and should not force users to always
> have /boot unencrypted.
>
> At least expert users should be able to skip that error message and
> continue installation as the error message is not true anymore.
>
> --
> Pali Rohár
> pali.ro...@gmail.com
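
Added example, not part of either message above: one way to apply the quoted /etc/default/grub setting idempotently and to check which value is actually in effect. The function names are hypothetical; the option names and the file path are the ones given in the quoted report.

```shell
#!/bin/sh
# Added example (not from the thread). /etc/default/grub is sourced as shell,
# so when a key is assigned more than once the LAST active assignment wins.
# GRUB reads the file when grub-install / update-grub run, so rerun them after
# changing it.
# Usage: enable_cryptodisk /etc/default/grub [GRUB_CRYPTODISK_ENABLE]

# cryptodisk_enabled FILE [KEY] -> exit 0 if the effective value of KEY is "y"
cryptodisk_enabled() {
    file=$1
    key=${2:-GRUB_ENABLE_CRYPTODISK}
    # Print the value of every uncommented assignment, keep only the last one.
    val=$(sed -n "s/^[[:space:]]*${key}=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$file" | tail -n 1)
    [ "$val" = y ]
}

# enable_cryptodisk FILE [KEY] -> leave exactly one active KEY=y line in FILE
enable_cryptodisk() {
    file=$1
    key=${2:-GRUB_ENABLE_CRYPTODISK}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Already effective: do not touch the file.
    if cryptodisk_enabled "$file" "$key"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    # Drop every existing assignment of KEY (active or commented out, any
    # value) so no stale line can override the new one, then append KEY=y.
    grep -Ev "^[[:space:]]*#?[[:space:]]*${key}=" "$file" > "$tmp" || true
    printf '%s=y\n' "$key" >> "$tmp"
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}
```
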