Re: Encrypted containers & the Debian installer.
On 05/22/2018 05:06 AM, 21naown@gmail.com wrote:
> On 16/05/2018 at 08:05, Diagonal Arg wrote:
>> On my first tries with the Debian installer, I am struggling with the
>> limited resources for installing to encrypted disks. I am using the
>> same technique I have used with Ubuntu, but failing at the last step:
>>
>> I create my luks disk(s) beforehand, then run the installer. I find
>> I have to anna-install cryptsetup-udeb, as there is no such choice in
>> "Load Installer Modules". Dropping to a shell, opening the disk, and
>> re-detecting hard drives allows me to carry out the installation (as
>> long as there's a filesystem in the mapped device), but on reboot I'm
>> at an initramfs without cryptsetup. So I use a debian-live to pivot
>> into the system to create a crypttab. I find I also have to install
>> cryptsetup. Then I run update-initramfs. Here is where I'm stuck.
>> The new initramfs still does not include cryptsetup. Why is it not
>> recognizing the crypttab?
>>
>> I have tried other approaches, e.g., during installation adding an
>> apt-install cryptsetup (after "Select and Install Software") and then
>> editing crypttab, but to no avail.
>>
>> /D
>>
>> PS. I pivot like this, in case I'm missing something:
>>
>> mount root & boot devices in /target
>> for f in dev dev/pts sys proc; do sudo mount -B /$f /target/$f; done
>> chroot /target
>>
> Hello,
>
> In the file “/etc/cryptsetup-initramfs/conf-hook”, there is a line
> “CRYPTSETUP” which is commented and/or has the default value “n”. If
> this is the case, replace the line with “CRYPTSETUP=y”. So, the next use
> of the command “update-initramfs” should solve your problem if I
> understood it correctly.
>
> [...]
Thank you! Cryptsetup is now in my initramfs. I am close, but there
still remains one issue. When updating the initramfs, I get:

    cryptsetup: WARNING: root target luks.root uses a key file, skipped

But it doesn't use a key file. My cryptsetup is:

    luks.root UUID=xxx pwd luks

And my fstab contains:

    /dev/mapper/luks.root / btrfs defaults 0 0

When I boot the system, I drop into initramfs. There, I can open the
root disk myself and continue the boot process.
/D
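
Added example, not part of the original thread: crypttab(5) defines the third field as the key file, with the literal `none` meaning the passphrase is asked for interactively, so any other value there is read as a key file path. The script below classifies crypttab entries on that basis; the targets `luks.fixed` and `luks.script` and the keyscript path are constructed for illustration.

```shell
#!/bin/sh
# Classify each crypttab entry by how its key is supplied.
# Field layout per crypttab(5): <target> <source> <key file> <options>
crypttab_key_mode() {
    # Reads crypttab text on stdin, prints "<target> <mode>" per entry.
    while read -r target source key options; do
        case "$target" in
            ''|'#'*) continue ;;               # skip blank lines and comments
        esac
        case ",$options," in
            *,keyscript=*) mode=keyscript ;;   # key field is an argument to the script
            *)
                case "$key" in
                    none) mode=prompt ;;       # passphrase asked interactively
                    '')   mode=missing ;;      # fewer than three fields
                    *)    mode=keyfile ;;      # anything else is taken as a path
                esac ;;
        esac
        printf '%s %s\n' "$target" "$mode"
    done
}

# Constructed sample: the first entry is the line quoted in the message,
# the second is the same entry with "none" in the key file field, and the
# third uses a placeholder keyscript path.
sample_crypttab() {
    cat <<'EOF'
# <target> <source> <key file> <options>
luks.root UUID=xxx pwd luks
luks.fixed UUID=xxx none luks
luks.script UUID=xxx pwd luks,keyscript=/path/to/script
EOF
}

sample_crypttab | crypttab_key_mode
```

To check a real system, run `crypttab_key_mode < /etc/crypttab` and review every entry reported as `keyfile` before running update-initramfs.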