Bug#849400: debian-installer: LUKS on rootfs and boot

To: "James Addison" <jay@jp-hosting.net>, "849400" <849400@bugs.debian.org>
Subject: Bug#849400: debian-installer: LUKS on rootfs and boot
From: "Jinesh Choksi" <jinesh@onelittlehope.com>
Date: Sat, 29 Jul 2023 01:29:04 +0100 (BST)
Message-id: <[🔎] E1qPXpQ-0001Xy-BL@rmmprod06.runbox>
Reply-to: jinesh@onelittlehope.com, 849400@bugs.debian.org
In-reply-to: <[🔎] 169055333149.6823.11686656524659308701.reportbug@frontier>
References: <201612261802.29005@pali>

> Can you provide a series of steps to replicate the failure case reported in
> this bug?

Reproduction Steps

- Boot using debian-12.1.0-amd64-netinst.iso in a VM

- At the Grub boot menu, select Advanced options > Expert Install

- Go through the following install steps using defaults or as desired:

- Choose language
- Configure the keyboard
- Detect and mount installation media
- Load installer components from installation media
- Detect network hardware
- Configure the network
- Set up users and password
- Configure the clocks
- Detect disks

- When you reach the "Partition disks" step, choose "Manual" disk partitioning method

- Setup a GPT partition table

- Setup an EFI partition (min 100MB), mounted as /boot/efi

- Setup a DMCRYPT partition using remaining free space. (i.e. use as "Physical volume for encryption")

- Choose to "Configure encrypted volumes"

- Set a password for the encrypted volume (also to speed up the process, set Erase data to: No)

- At this point, switch to TTY2, activate console and type in (the following is needed as it is not possible to select luks version):

- cryptsetup luksClose sda2_crypt

- cryptsetup luksFormat --type luks1 /dev/sda2

- cryptsetup luksOpen /dev/sda2 sda2_crypt

- Switch back to TTY1 and select "Go back", and select "Detect Disks" (needed to refresh partman's state)

- Select "Partition Disks" again

- Set the file system for the encrypted volume to "XFS" (i.e. use as XFS journaling file system) and set the mount point to /.

- To reduces reproduction steps, we won't set up a swap partition.

- Finally, select "Finish partitioning and write changes to disk"

- You will see a dialog saying:

Encryption configuration failure

You have selected the root file system to be stored on an encrypted partition. This feature requires a separate /boot partition on which the kernel and initrd can be stored.

You should go back and setup a /boot partition.

- It is not possible to get past this dialog.

- Note: If it was possible to get past this dialog, then you can proceed with installation as per normal until you get to the "Install Grub Boot Loader" stage. You will find that this stage errors at the "grub-install (dummy)" step.

- If you look at msgs on TTY4, you will note it says to add the line "GRUB_ENABLE_CRYPTODISK=y" to the /etc/default/grun file. So, switch console on TTY2 and edit /target/etc/default/grub file and add this line.

- Run the "Install Grub Boot Loader" stage again and it will work and rest of the install will progress normally.

- The missing "GRUB_ENABLE_CRYPTODISK=y" line is a seperate bug #925134.

Reply to:

Follow-Ups:
- Bug#849400: debian-installer: LUKS on rootfs and boot
  - From: Cyril Brulebois <kibi@debian.org>

References:
- Bug#849400: debian-installer: LUKS on rootfs and boot
  - From: James Addison <jay@jp-hosting.net>

Prev by Date: Bug#1042478: Tasks missing in tasksel and its task-description file
Next by Date: Processed: Bug#980493 marked as pending in debian-installer
Previous by thread: Bug#849400: debian-installer: LUKS on rootfs and boot
Next by thread: Bug#849400: debian-installer: LUKS on rootfs and boot
Index(es):
- Date
- Thread