Rick Thomas <rbtho...@pobox.com> writes: > I used to do this. It worked very well before Jessie came along. > > You need an un-encrypted /boot partition to hold the kernel and > initrd, of course…
This is not true, although I also thought it to be the case. Grub2 can handle LUKS, so it is possible to encrypt the whole disk. I recently stumbled across a post where the procedure is explained using archlinux as an example. I’m not sure whether debian includes a version of Grub which can also do so, but in principle an unencrypted /boot partition is not needed. This is the post in question: http://dustymabe.com/2015/07/06/encrypting-more-boot-joins-the-party/ Regards, Nathanael Schweers
