Hi,
Sorry if this is not the right list to ask this question. I did not find a
Debian-live users mailing list and was not sure if I should post this question
to the general Debian-users mailing list. Please let me know if that's what I
should be doing.
Else, if someone could help me with this or point me in the right direction, I
would be much obliged.
I am trying to use Grub 2.00 (with Luks support enabled) to boot a Debian-live
system from an encrypted LUKS partition. /boot is also located in the encrypted
partition. I am using grub.cfg like below, and things work fine (with Grub
requesting a password for the encrypted file system and parsing grub.cfg,
displaying the menu, etc.). The problem arises with the linux command to load
the kernel. Loading the Debian-live based OS requires passing a reference to
the file system hosting the file system, via the live-media kernel command-line
parameter. I am passing this reference as
/dev/disk/by-uuid/<uuid-of-the-decrypted-fs> . The UUID I am using is the one
read by blkid when I mounted and decrypted this encrypted partition from
another Linux host. However, this does not work and from the debugging output
on the console, it appears to be because the path to the decrypted fs device is
invalid. If I mount and decrypt the LUKS partition from a running Linux OS,
this device is always created with the same UUID, so I expected this to happen
when GRUB decrypts the LUKS partition. Turns out not to be the case.
Is there some way I can indicate to live-boot that the live-media is on a LUKS
encrypted device and needs to be decrypted first?
Here is my grub.cfg:

    menuentry 'FDE Live' {
        set isofile="/ISOs/linux.iso"

        # The UUID for the encrypted LUKS partition as obtained by running blkid
        set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d"

        # The UUID for the decrypted ext4 fs in the LUKS partition
        set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"

        insmod part_msdos
        insmod loopback
        insmod iso9660
        insmod cryptodisk
        insmod luks

        echo 'Mounting encrypted disk ...'
        cryptomount -u ${encryptedfs_uuid}

        echo 'Searching for the root fs in the decrypted fs...'
        set root=(cryptouuid/${encryptedfs_uuid})
        search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}

        echo 'Setting up a loopback device to the CD image'
        loopback loop $root/$isofile
        set root=loop

        echo 'Loading Linux Kernel ...'
        linux /live/vmlinuz boot=live live-media=/dev/disk/by-uuid/${decryptedfs_uuid} fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128

        echo 'Loading initial ramdisk ...'
        initrd /live/initrd.img
    }

Am just learning things as I go, so please do pardon me if this is a newbie
question and I have missed something obvious.
Regards,
Steve