Re: Encrypted containers & the Debian installer. - Works now.
On 05/23/2018 12:36 AM, Diagonal Arg wrote:
> On 05/22/2018 05:06 AM, firstname.lastname@example.org wrote:
>> Le 16/05/2018 à 08:05, Diagonal Arg a écrit :
>>> On my first tries with the Debian installer, I am struggling with the
>>> limited resources for installing to encrypted disks. I am using the
>>> same technique I have used with Ubuntu, but failing at the last step:
>>> I create my luks disk(s) before-hand, then run the installer. I find
>>> I have to anna-install cryptsetup-udeb, as there is no such choice in
>>> "Load Installer Modules". Dropping to a shell, opening the disk, and
>>> re-detecting hard drives allows me to carry out the installation (as
>>> long as there's a filesystem in the mapped device), but on reboot I'm
>>> at an initramfs without cryptsetup. So I use a debian-live to pivot
>>> into the system to create a crypttab. I find I also have to install
>>> cryptsetup. Then I run update-initramfs. Here is where I'm stuck.
>>> The new initramfs still does not include cryptsetup. Why is it not
>>> recognizing the crypttab?
>>> I have tried other approaches eg, during installation doing adding an
>>> apt-install cryptsetup (after "Select and Install Software") and then
>>> editing crypttab, but to no avail.
>>> PS. I pivot like this, in case I'm missing something:
>>> mount root & boot devices in /target
>>> for f in dev dev/pts sys proc; do sudo mount -B /$f /target/$f; done
>>> chroot /target
>> In the file “/etc/cryptsetup-initramfs/conf-hook”, there is a line
>> “CRYPTSETUP” which is commented and/or has the default value “n”. If
>> this is the case, replace the line with “CRYPTSETUP=y”. So, the next use
>> of the command “update-initramfs” should solve your problem if I
>> understood it correctly.
> Thank you! Cryptsetup is now in my initramfs. I am close, but there
> still remains one issue. When updating the initramfs, I get:
> cryptsetup: WARNING: root target luks.root uses a key file, skipped
> But it doesn't use a key file. My cryptsetup is:
> luks.root UUID=xxx pwd luks
> And my fstab contains:
> /dev/mapper/luks.root / btrfs defaults 0 0
> When I boot the system, I drop into initramfs. There, I can open the
> root disk myself and continue the boot process.
Oops! It's not "pwd" in the crypttab, it's "none"!
Works now. Yay, yay!! :)
Thanks so much.