On Sun, Aug 30, 2020 at 03:30:39PM +0000, HardenedArray via Grub-devel wrote: > As a direct consequence of your valuable `--modules=` input, I have > taken the time and attempted to carefully document my entire LUKS2 > unlocking encrypted /boot process for the benefit of others, similarly > situated.
Great to have some documentation of the process, thanks! > My procedure and comments are posted at: > https://aur.archlinux.org/packages/grub-git/ under an intentionally > Five Eyes 'unlinked' nick. I know you understand. > > Please take a moment to review my boot sequence comments within Step > 11 and following Step 13, both of which are in concordance with my > understanding of the GRUB encrypted /boot unlocking sequence. > > If either statement needs modification, please let me know, as I do > not want others to adopt an incorrect understanding of how both GRUB > and the kernel go about unlocking Keyslot 1, then Keyslot 0. I did a quick read and things look mostly fine. Partitions may obviously change between installation, but I guess people can figure that out on their own. > Patrick, I've also noted Eli's further input, immediately below. > > Given that you now know exactly how I've encrypted / and how I unlock > my encrypted: /boot, swap and /, if you can indeed 'hack' a suitable > `grub-mkimage` command for me to test, I would be happy to test it. I currently don't have any available, sorry. I never did the custom config thing yet, even though it shouldn't be too hard. I hope to find some time in the next few days to give it a test and will report back. > However, please be sure to tell me whether you intend any such > `grub-mkimage` directive to be a REPLACEMENT for `grub-mkconfig` or as > a supplemental command. It's not a replacement of `grub-mkconfig`, but is part of what `grub-install` does. `grub-mkimage` will create the executable loaded by your bootloader, which includes any pre-loaded modules as well as the early boot config. `grub-mkconfig` will create the configuration that's used after this early boot step and is loaded when you execute `normal`. Patrick
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
