Re: Encrypted containers & the Debian installer.

To: debian-user@lists.debian.org
Cc: 21naown@gmail.com
Subject: Re: Encrypted containers & the Debian installer.
From: Diagonal Arg <debian.org@niwas.net>
Date: Wed, 23 May 2018 00:36:14 -0700
Message-id: <[🔎] ef98920f-b024-8cf4-162e-d33d394bb255@niwas.net>
In-reply-to: <[🔎] 00829a5b-2345-cdc0-34e8-ecb2f8f1d82a@gmail.com>
References: <[🔎] 163678d6627.e1d3218e8796.5021193021553864846@niwas.net> <[🔎] 00829a5b-2345-cdc0-34e8-ecb2f8f1d82a@gmail.com>

On 05/22/2018 05:06 AM, 21naown@gmail.com wrote:
> Le 16/05/2018 à 08:05, Diagonal Arg a écrit :
>> On my first tries with the Debian installer, I am struggling with the
>> limited resources for installing to encrypted disks.  I am using the
>> same technique I have used with Ubuntu, but failing at the last step:
>>
>> I create my luks disk(s) before-hand, then run the installer.  I find
>> I have to anna-install cryptsetup-udeb, as there is no such choice in
>> "Load Installer Modules".  Dropping to a shell, opening the disk, and 
>> re-detecting hard drives allows me to carry out the installation (as
>> long as there's a filesystem in the mapped device), but on reboot I'm
>> at an initramfs without cryptsetup.  So I use a debian-live to pivot
>> into the system to create a crypttab.  I find I also have to install
>> cryptsetup.  Then I run update-initramfs.  Here is where I'm stuck. 
>> The new initramfs still does not include cryptsetup.  Why is it not
>> recognizing the crypttab?
>>
>> I have tried other approaches eg, during installation doing adding an
>> apt-install cryptsetup (after "Select and Install Software") and then
>> editing crypttab, but to no avail.
>>
>> /D
>>
>> PS.  I pivot like this, in case I'm missing something:
>>
>> mount root & boot devices in /target
>> for f in dev dev/pts sys proc; do sudo mount -B /$f /target/$f; done
>> chroot /target
>>
> Hello,
> 
> In the file “/etc/cryptsetup-initramfs/conf-hook”, there is a line
> “CRYPTSETUP” which is commented and/or has the default value “n”. If
> this is the case, replace the line with “CRYPTSETUP=y”. So, the next use
> of the command “update-initramfs” should solve your problem if I
> understood it correctly.
>
> [...]

Thank you!  Cryptsetup is now in my initramfs.  I am close, but there
still remains one issue.  When updating the initramfs, I get:

cryptsetup: WARNING: root target luks.root uses a key file, skipped

But it doesn't use a key file.  My cryptsetup is:
luks.root	UUID=xxx	pwd	luks

And my fstab contains:
/dev/mapper/luks.root	/	btrfs	defaults	0	0

When I boot the system, I drop into initramfs.  There, I can open the
root disk myself and continue the boot process.

/D

Reply to:

Follow-Ups:
- Re: Encrypted containers & the Debian installer. - Works now.
  - From: Diagonal Arg <debian.org@niwas.net>

References:
- Encrypted containers & the Debian installer.
  - From: Diagonal Arg <debian.org@niwas.net>
- Re: Encrypted containers & the Debian installer.
  - From: 21naown@gmail.com

Prev by Date: Re: CD Burning Software
Next by Date: Re: Encrypted containers & the Debian installer. - Works now.
Previous by thread: Re: Encrypted containers & the Debian installer.
Next by thread: Re: Encrypted containers & the Debian installer. - Works now.
Index(es):
- Date
- Thread