On Tue, 14 Jan 2025 02:57:24 +0100 Cyril Brulebois <k...@debian.org> wrote:
> Hi Ted,
>
> Ted <veltf...@gmail.com> (2025-01-13):
> > Any installed system with luks encryption support should be able to
> > read and decrypt entries in /etc/crypttab with properly processed
> > keyfiles without installing additional packages.
>
> I understand it might have been a little frustrating that it didn't work
> out of the box, but adjusting a critical configuration file without
> making sure the tools that are required are installed doesn't really
> strike me as something that should be covered by the installer…
Cyril, I've been using full disk luks encryption on Debian, Ubuntu, even
occasionally on Fedora, Arch & openSuse, sometimes even with a LVM for
at least 10 years, and never had a problem opening and mounting other
luks encrypted drives at boot using a keyfile referenced in
/etc/crypttab to decrypt the drives at boot and then mount them via the
fstab.
Here is a summary of the process:
https://www.cyberciti.biz/hardware/cryptsetup-add-enable-luks-disk-encryption-keyfile-linux/
https://www.redhat.com/en/blog/disk-encryption-luks
The only package that I believe was needed to be present is cryptsetup,
which is naturally already installed if you are doing a luks-encrypted
installation (although if you are using LVM you should make sure lvm2
and maybe mdadm are installed, as well). cryptsetup was indeed present
on my fresh trixie install. However on trixie/testing & sid there is a
new package called systemd-cryptsetup, which is not in the stable or
older repositories.
https://packages.debian.org/trixie/systemd-cryptsetup
I have verified that this package that is necessary to create
/usr/lib/systemd/system-generators/systemd-cryptsetup-generator which is
required to open other luks encrypted partitions at boot using the
/etc/crypttab file.
I wasn't doing anything especially weird (other than using Linux &
encryption), systemd-cryptsetup should be a dependency of cryptsetup to
make the OS work like it is designed to do.
Regards,
>
>
> Cheers,
> --
> Cyril Brulebois (k...@debian.org) <https://debamax.com/>
> D-I release manager -- Release team member -- Freelance Consultant
