
Debian-live systems with encrypted live-media device - what do you specify for the live-media boot parameter?



Hi,

Sorry if this is not the right list to ask this question. I did not find a Debian-live users mailing list and was not sure if I should post this question to the general Debian-users mailing list. Please let me know if that's what I should be doing.

Else, if someone could help me with this or point me in the right direction, I would be much obliged.

I am trying to use GRUB 2.00 (with LUKS support enabled) to boot a Debian-live system from an encrypted LUKS partition. /boot is also located in the encrypted partition. I am using a grub.cfg like the one below, and things work fine (with GRUB requesting a password for the encrypted file system and parsing grub.cfg, displaying the menu, etc.).

The problem arises with the linux command to load the kernel. Loading the Debian-live based OS requires passing a reference to the file system hosting the file system, via the live-media kernel command-line parameter. I am passing this reference as /dev/disk/by-uuid/<uuid-of-the-decrypted-fs>. The UUID I am using is the one read by blkid when I mounted and decrypted this encrypted partition from another Linux host. However, this does not work, and from the debugging output on the console it appears to be because the path to the decrypted fs device is invalid.

If I mount and decrypt the LUKS partition from a running Linux OS, this device is always created with the same UUID, so I expected this to happen when GRUB decrypts the LUKS partition. Turns out not to be the case.

Is there some way I can indicate to live-boot that the live-media is on a LUKS encrypted device and needs to be decrypted first? 


Here is my grub.cfg

menuentry 'FDE Live' {
        
        set isofile="/ISOs/linux.iso"

        # The UUID for the encrypted LUKS partition as obtained by running blkid
        set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d" 

        # The UUID for the decrypted ext4 fs in the LUKS partition
        set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"

        insmod part_msdos
        insmod loopback
        insmod iso9660
        insmod cryptodisk
        insmod luks

        echo 'Mounting encrypted disk ...' 
        cryptomount -u ${encryptedfs_uuid}

        echo 'Searching for the root fs in the decrypted fs...'
        set root=(cryptouuid/${encryptedfs_uuid})
        search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}

        echo 'Setting up a loopback device to the CD image'
        loopback loop $root/$isofile
        set root=loop

        echo 'Loading Linux Kernel ...'
        linux  /live/vmlinuz boot=live live-media=/dev/disk/by-uuid/${decryptedfs_uuid} fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128

        echo 'Loading initial ramdisk ...'
        initrd /live/initrd.img
}

Am just learning things as I go, so please do pardon me if this is a newbie question and I have missed something obvious.

Regards,
Steve
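
Added example (not part of the message above, and not live-boot's own code): a mapping opened by GRUB's cryptomount exists only inside GRUB, so the booted kernel sees the partition as a locked LUKS container until something in the initramfs opens it. This shell sketch classifies that state from a kernel command line and blkid output; the function names, the /dev/sda1 and /dev/mapper/live device names and the sample blkid lines are constructed, and the dashed LUKS UUID is the message's encryptedfs_uuid re-hyphenated.

```shell
#!/bin/sh
# Added example. Feed it "$(cat /proc/cmdline)" and "$(blkid)" from the
# initramfs debug shell; the samples below are constructed.

# Print the UUID named by live-media=/dev/disk/by-uuid/<uuid>, if any.
live_media_uuid() {
    for arg in $1; do
        case "$arg" in
            live-media=/dev/disk/by-uuid/*) echo "${arg##*/}"; return 0 ;;
        esac
    done
    return 1
}

# GRUB writes UUIDs without dashes, blkid with them: compare a common form.
norm_uuid() { printf '%s' "$1" | tr -d '-' | tr 'A-Z' 'a-z'; }

# classify_live_media CMDLINE BLKID_OUTPUT
# Prints: present | locked:<luks-dev> | missing | no-live-media
classify_live_media() {
    want=$(live_media_uuid "$1") || { echo no-live-media; return 0; }
    want=$(norm_uuid "$want")
    luks_dev=
    while IFS= read -r line; do
        dev=${line%%:*}
        uuid=$(printf '%s\n' "$line" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
        type=$(printf '%s\n' "$line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
        if [ -n "$uuid" ] && [ "$(norm_uuid "$uuid")" = "$want" ]; then
            echo present; return 0
        fi
        if [ "$type" = crypto_LUKS ]; then luks_dev=$dev; fi
    done <<EOF
$2
EOF
    if [ -n "$luks_dev" ]; then echo "locked:$luks_dev"; else echo missing; fi
}

# Constructed samples using the UUIDs from the message.
SAMPLE_CMDLINE='boot=live live-media=/dev/disk/by-uuid/a8604976-269b-4ab1-8ecc-63960f60f008 config debug'
SAMPLE_LOCKED='/dev/sda1: UUID="377da681-6e9a-4c70-92ae-9016a719d04d" TYPE="crypto_LUKS"'
SAMPLE_OPEN="$SAMPLE_LOCKED
/dev/mapper/live: UUID=\"a8604976-269b-4ab1-8ecc-63960f60f008\" TYPE=\"ext4\""

classify_live_media "$SAMPLE_CMDLINE" "$SAMPLE_LOCKED"   # container still locked
classify_live_media "$SAMPLE_CMDLINE" "$SAMPLE_OPEN"     # after it is opened
```

A "locked:<dev>" result means the by-uuid path for the inner file system cannot exist yet, whatever UUID is passed on the command line.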


