On Tue, Jun 11, 2019 at 12:06 AM Guilhem Moulin <guil...@debian.org> wrote: > > Hi there, > > On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote: > >>> One could argue that cryptodisk support has never been supported by > >>> d-i anyway, > >> > >> Yup, and I suppose that's why I overlooked this in my mail to > >> debian-boot :-P Jonathan Carter had a similar report last week > >> > >> https://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/2019-April/008196.html > > > > While I'm usually fine to dismiss some bug reports as “it's unsupported, > > sorry”, making users' life harder doesn't seem really reasonable… :/ > > During last week's gathering at MiniDebConf Hamburg we (cryptsetup package > maintainer + KiBi) talked and came up with the following guide/notes: > > https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
Thank for the above doc, which is quite easy understanding and straightforward! I didn't notice this until it's mentioned by release announcement of D-I RC2 [1]. I confirmed with /boot set up in LUKS1, everything works fine. It‘d configure non encrypted /boot when in D-I, then after finishing D-I, and reboot to system, manually make LUKS1 for /boot partition. However, I found adding: GRUB_PRELOAD_MODULES="luks cryptodisk" to /etc/default/grub is not necessary. GRUB_ENABLE_CRYPTODISK=y is the only setting need to append manually. (/etc/fstab /etc/crypttab need to be edited for sure) Thanks again for your effort on the guide/notes above! [1] https://lists.debian.org/debian-devel-announce/2019/06/msg00005.html -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
