Pascal Hambourg <pas...@plouf.fr.eu.org> writes:

> The version of GRUB included in Jessie at least can handle an encrypted
> /boot. However the Debian installer does not handle this case correctly.
> You must add the following line in /etc/default/grub in order for
> grub-install to install the core image with crypto modules and for
> update-grub to generate a proper grub.cfg:
>
> GRUB_ENABLE_CRYPTODISK=y
>
> (not =1 or =true as seen on some documentation)
>
> The procedure in the post you point to is flawed in Debian Jessie: if
> you run update-grub or grub-mkconfig before adding the line in
> /etc/default/grub, it won't add the required "cryptomount" commands to
> open encrypted devices. Actually it is grub-mkconfig which is broken:
> if the line is present, it adds a cryptomount command in every menu
> entry, even when not needed (and generates boot-time errors). If the
> line is missing, it adds insmod commands to load crypto modules when
> needed but not the cryptomount commands.

I never said that it works on Debian. I just wanted to point out that it is not strictly necessary to have an unencrypted /boot partition.
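
A check for the two conditions the quoted message describes, as an added example that is not part of the thread or written by either poster: it verifies that GRUB_ENABLE_CRYPTODISK is exactly `y` and lists menu entries in a generated grub.cfg that load crypto modules without a cryptomount command. The function names and the default paths in the final comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a GRUB setup for the
# encrypted-/boot pitfalls described in the quoted message.

# Effective GRUB_ENABLE_CRYPTODISK value: last assignment wins, quotes stripped.
cryptodisk_setting() {
    sed -n 's/^[[:space:]]*GRUB_ENABLE_CRYPTODISK=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeeds only for exactly "y"; the message says =1 and =true are not accepted.
cryptodisk_enabled() {
    [ "$(cryptodisk_setting "$1")" = "y" ]
}

# Print titles of menu entries that insmod crypto modules but never run
# cryptomount (what grub-mkconfig is said to produce when the line is missing).
entries_missing_cryptomount() {
    awk '
        /^[ \t]*menuentry[ \t]/ {
            split($0, q, "\047"); title = q[2]
            inentry = 1; crypto = 0; mount = 0; next
        }
        inentry && /^[ \t]*insmod[ \t]+(cryptodisk|luks)/ { crypto = 1 }
        inentry && /^[ \t]*cryptomount[ \t]/ { mount = 1 }
        inentry && /^[ \t]*[}]/ {
            if (crypto && !mount) print title
            inentry = 0
        }
    ' "$1"
}

# Run both checks; returns 0 only when neither problem is found.
audit_grub() {
    rc=0
    if ! cryptodisk_enabled "$1"; then
        echo "WARN: GRUB_ENABLE_CRYPTODISK is '$(cryptodisk_setting "$1")', expected 'y'"
        rc=1
    fi
    missing=$(entries_missing_cryptomount "$2")
    if [ -n "$missing" ]; then
        echo "WARN: crypto modules loaded without cryptomount in: $missing"
        rc=1
    fi
    return "$rc"
}

# Assumed usual Debian paths: audit_grub /etc/default/grub /boot/grub/grub.cfg
```

Run it before rebooting; after correcting /etc/default/grub, regenerate grub.cfg with update-grub and audit again.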