Hi Roger, Roger Shimizu <r...@debian.org> (2019-06-30): > On Tue, Jun 11, 2019 at 12:06 AM Guilhem Moulin <guil...@debian.org> wrote: > > > > Hi there, > > > > On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote: > > >>> One could argue that cryptodisk support has never been supported by > > >>> d-i anyway, > > >> > > >> Yup, and I suppose that's why I overlooked this in my mail to > > >> debian-boot :-P Jonathan Carter had a similar report last week > > >> > > >> https://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/2019-April/008196.html > > > > > > While I'm usually fine to dismiss some bug reports as “it's unsupported, > > > sorry”, making users' life harder doesn't seem really reasonable… :/ > > > > During last week's gathering at MiniDebConf Hamburg we (cryptsetup package > > maintainer + KiBi) talked and came up with the following guide/notes: > > > > https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html > > Thank for the above doc, which is quite easy understanding and > straightforward! > I didn't notice this until it's mentioned by release announcement of > D-I RC2 [1]. > > I confirmed with /boot set up in LUKS1, everything works fine. > It‘d configure non encrypted /boot when in D-I, then after finishing > D-I, and reboot to system, manually make LUKS1 for /boot partition.
Thanks for letting us know you appreciate it. Guilhem, any chance I could trick you into adding a pointer from the installation-guide to your documentation? It would be an extra string for translators to deal with, but that might be added to unstable and then backported at a later point to buster once translators have had a chance to catch up. I was meaning to do that before closing this bug report (#927165) but I didn't manage to get to that in the past weeks due to a little hiccup after the mini-DebConf in HH. > However, I found adding: > GRUB_PRELOAD_MODULES="luks cryptodisk" > to /etc/default/grub is not necessary. > GRUB_ENABLE_CRYPTODISK=y > is the only setting need to append manually. > (/etc/fstab /etc/crypttab need to be edited for sure) > > Thanks again for your effort on the guide/notes above! > > [1] https://lists.debian.org/debian-devel-announce/2019/06/msg00005.html From my limited tests, it seemed that GRUB_ENABLE_CRYPTODISK=y was indeed sufficient. Cheers, -- Cyril Brulebois (k...@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
signature.asc
Description: PGP signature
