On 17/12/2018 00:41, Alessandro Selli wrote:
> On 16/12/18 at 13:28, KatolaZ wrote:
>> automagic disk encryption,
>
>
> Well, if you cannot install on an encrypted root, encrypting it later
> is a real PITA.
>
> The present impossibility of installing ASCII on an encrypted root is
> a show-stopper to my laptop installs

The most taxing step in my case was getting the partitioner to do what I wanted. I could not skip that step and manually partition as I could find no easy way of then defining the mount points (tips please, if anyone has any).

I then had to generate the key

    /etc/keys/luks-key_for_sdX_crypt

and edit

/etc/default/grub

    GRUB_ENABLE_CRYPTODISK=y

/etc/crypttab

    sdX_crypt UUID=1223456.... /etc/keys/luks-key_for_sdX_crypt luks,initramfs

/etc/cryptsetup-initramfs/conf-hook

    KEYFILE_PATTERN=/etc/keys/luks-*

modify /usr/share/initramfs-tools/hooks/cryptroot

    # A WARNING is not an ERROR, give me back my FOC
    if printf '%s' "$OPTIONS" | grep -Eq '^(.*,)?rootdev(,.*)?$'; then
        #echo "cryptsetup: WARNING: root target $target uses a key file, skipped" >&2
        #return 1
        echo "cryptsetup: WARNING: root target $target uses a key file" >&2
    # test whether a) key file is not on root fs
    #           or b) root fs is not encrypted
    elif [ "$(stat -c %m -- "$key" 2>/dev/null)" != / ] || ! node_or_pv_is_in_crypttab $rootdevs; then
        #echo "cryptsetup: WARNING: $target's key file $key is not on an encrypted root FS, skipped" >&2
        #return 1
        echo "cryptsetup: WARNING: $target's key file $key is not on an encrypted root FS" >&2
    fi

then reinstall grub and remake the initrd.

To fix delays during boot\shutdown I had to totally remove /etc/init.d/cryptdisks and all references to it. Having both cryptdisks-early and cryptdisks caused conflicts due to duplicated actions. Simply disabling cryptdisks left K0cryptdisks references (BUG) that are then invoked on reboot\shutdown.
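
Added example, not part of the original message or of the cryptsetup package: a pre-reboot audit of the files edited in the steps above, checking that the settings agree with each other and that the key file is not readable by group or other. The function name and the ROOT prefix argument are hypothetical; the UMASK check is not from the message but from initramfs.conf(5), since an initramfs that embeds a key file should not be world-readable.

```shell
#!/bin/sh
# Added example. ROOT prefix is a hypothetical convenience for auditing a
# staging tree; "" audits the live system. Uses GNU stat, like the hook above.
audit_luks_keyfile_setup() {
    root=${1:-}; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    grep -Eq '^GRUB_ENABLE_CRYPTODISK=y' "$root/etc/default/grub" 2>/dev/null ||
        fail "GRUB_ENABLE_CRYPTODISK=y not set in /etc/default/grub"

    # Only keys matching KEYFILE_PATTERN are copied into the initramfs.
    pattern=$(sed -n 's/^KEYFILE_PATTERN=//p' \
        "$root/etc/cryptsetup-initramfs/conf-hook" 2>/dev/null |
        tr -d "\"'" | tail -n 1)
    [ -n "$pattern" ] || fail "KEYFILE_PATTERN not set in conf-hook"

    # Not in the message: the image now contains the key, so it must be
    # created with a restrictive umask (see initramfs.conf(5)).
    grep -Eq '^UMASK=0077' "$root/etc/initramfs-tools/initramfs.conf" \
        2>/dev/null || fail "UMASK=0077 not set in initramfs.conf"

    [ -r "$root/etc/crypttab" ] || { fail "cannot read /etc/crypttab"; return 1; }
    # crypttab fields: target, source device, key file, options
    while read -r target _src key _opts; do
        case "$target" in ''|'#'*) continue ;; esac
        case "$key" in ''|none|-) continue ;; esac   # passphrase entry, no file
        case "$key" in
            $pattern) ;;
            *) fail "$target: $key does not match KEYFILE_PATTERN" ;;
        esac
        if [ ! -f "$root$key" ]; then
            fail "$target: key file $key not found"
            continue
        fi
        mode=$(stat -c %a -- "$root$key")
        case "$mode" in
            *00|0) ;;
            *) fail "$target: $key is mode $mode, group/other can access it" ;;
        esac
    done < "$root/etc/crypttab"
    return "$rc"
}
```

Run `audit_luks_keyfile_setup ""` as root before reinstalling grub and remaking the initrd; a non-zero return means at least one FAIL line was printed.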