The debian package cryptsetup-initramfs does not seem present on the main system, judging from its absence from /usr/share/doc/. I'm not sure I've understood the question, however. I'm using this somewhat indirect indicator of the package because of the difficulty of getting into the system live. /var/cache/apt/archives/ has no packages with "crypt" in the name. /sbin/cryptsetup is present on the main system and the initrd
I did create the encrypted partition through the installer's partition manager, so the installer should be aware of the encryption. I am using the standard kernel. But if the initrd doesn't have all the modules it needs, that might explain the problem. Ross On Sun, Feb 3, 2019 at 5:24 AM Ben Hutchings <[email protected]> wrote: > On Sat, 2019-02-02 at 22:56 -0800, Ross Boylan wrote: > > I am able to decrypt the partition outside of a VM without the rescue > > "CD". Since I can also decrypt using the installer CD as rescue, this > > means the failure is specific to booting via grub and initrd. > > > > This seems to indicate the installer created the encrypted partition > > properly but the boot environment it created is either handling the > > pass-phrase incorrectly (e.g., include \n) or is missing some other part > of > > the machinery necessary. The most obvious candidate is from the error > > message > > > Check that kernel supports aes-xts-plain64 cipher > > > > I don't know how to check that, but looking in config-4.19.0-1-amd64 on > the > > boot partition, I see some partial matches that might be relevant: > > CONFIG_CRYPTO_AES=y > > # CONFIG_CRYPTO_AES_TI is not set > > CONFIG_CRYPTO_AES_X86_64=m > > CONFIG_CRYPTO_AES_NI_INTEL=m > > > > CONFIG_CRYPTO_XTS=m > > > > I don't see anything that looks like plain. > > You can't easily map crypto modes to config options like this. But if > you are using the standard kernel, I can assure that it supports full > disk encryption. > > > The buster system created by the installer includes aesni-intel.ko, but > the > > initrd does not. > > cryptsetup-initramfs should have been installed, and it would add the > crypto modules (and other necessary files) to the initramfs. Is it > installed? > > Ben. > > -- > Ben Hutchings > Horngren's Observation: > Among economists, the real world is often a special case. > > >
