[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encrypted containers & the Debian installer. - Works now.

On 05/23/2018 12:36 AM, Diagonal Arg wrote:
> On 05/22/2018 05:06 AM, 21naown@gmail.com wrote:
>> Le 16/05/2018 à 08:05, Diagonal Arg a écrit :
>>> On my first tries with the Debian installer, I am struggling with the
>>> limited resources for installing to encrypted disks.  I am using the
>>> same technique I have used with Ubuntu, but failing at the last step:
>>> I create my luks disk(s) before-hand, then run the installer.  I find
>>> I have to anna-install cryptsetup-udeb, as there is no such choice in
>>> "Load Installer Modules".  Dropping to a shell, opening the disk, and 
>>> re-detecting hard drives allows me to carry out the installation (as
>>> long as there's a filesystem in the mapped device), but on reboot I'm
>>> at an initramfs without cryptsetup.  So I use a debian-live to pivot
>>> into the system to create a crypttab.  I find I also have to install
>>> cryptsetup.  Then I run update-initramfs.  Here is where I'm stuck. 
>>> The new initramfs still does not include cryptsetup.  Why is it not
>>> recognizing the crypttab?
>>> I have tried other approaches eg, during installation doing adding an
>>> apt-install cryptsetup (after "Select and Install Software") and then
>>> editing crypttab, but to no avail.
>>> /D
>>> PS.  I pivot like this, in case I'm missing something:
>>> mount root & boot devices in /target
>>> for f in dev dev/pts sys proc; do sudo mount -B /$f /target/$f; done
>>> chroot /target
>> Hello,
>> In the file “/etc/cryptsetup-initramfs/conf-hook”, there is a line
>> “CRYPTSETUP” which is commented and/or has the default value “n”. If
>> this is the case, replace the line with “CRYPTSETUP=y”. So, the next use
>> of the command “update-initramfs” should solve your problem if I
>> understood it correctly.
>> [...]
> Thank you!  Cryptsetup is now in my initramfs.  I am close, but there
> still remains one issue.  When updating the initramfs, I get:
> cryptsetup: WARNING: root target luks.root uses a key file, skipped
> But it doesn't use a key file.  My cryptsetup is:
> luks.root	UUID=xxx	pwd	luks
> And my fstab contains:
> /dev/mapper/luks.root	/	btrfs	defaults	0	0
> When I boot the system, I drop into initramfs.  There, I can open the
> root disk myself and continue the boot process.
> /D

Oops!  It's not "pwd" in the crypttab, it's "none"!

Works now.  Yay, yay!!  :)

Thanks so much.


Reply to: