On 10/10/2020 6:25 PM, john doe wrote:
On 10/10/2020 5:10 PM, Charles Curley wrote:
On Sat, 10 Oct 2020 08:06:16 +0200
john doe <johndoe65...@mail.com> wrote:
No, I'm not even getting the grub bootloader.
If you aren't even getting to to GRUB, then your problem isn't an
encrypted /boot partition, it's something else. Possibly something you
did in the process of encrypting /boot. Possibly a limitation in
libvirt.
Okay, I have installed Debian Buster encrypted lvm using virt-install,
done the commands to encrypt the boot partition.
If I boot the VM with qemu directly, it works as I would expected to but
as long as I use Libvirt it does not.
With apparmor disabled, I as you conclude that the issue is libvirt
related.
I'm not seeing anything in the log that would indicate where the issue
lies.
Is it working for you?
No. I have looked at the process but not tried it yet. I will probably
experiment with a Bullseye installation.
Installing the VM with encrypted lvm is straight forward making the root
partition encrypted and working well.
Thanks to the libvirt folks (1), I got it working by doing:
Add those two lines in the domain xml in the os section
<os>
....
<bootmenu enable='yes'/>
<bios useserial='yes'/>
</os>
The package 'sgabios' may also be needed.
1) https://www.redhat.com/archives/libvirt-users/2020-October/msg00052.html
--
John Doe
