On 17/12/2018 00:41, Alessandro Selli wrote:
> On 16/12/18 at 13:28, KatolaZ wrote:
>> automagic disk encryption,
> 
> 
>   Well, if you cannot install on an encrypted root, encrypting it later
> is a real PITA.
> 
>   The present impossibility of installing ASCII on an encrypted root is
> a show-stopper to my laptop installs 
The most taxing step in my case was getting the partitioner to do what I wanted.
I could not skip that step and manually partition as I could find no easy way of
then defining the mount points (tips please, if anyone has any).

I then had to generate the key 
/etc/keys/luks-key_for_sdX_crypt
 
 and edit

/etc/default/grub
GRUB_ENABLE_CRYPTODISK=y

/etc/crypttab
sdX_crypt UUID=1223456.... /etc/keys/luks-key_for_sdX_crypt luks,initramfs

/etc/cryptsetup-initramfs/conf-hook
KEYFILE_PATTERN=/etc/keys/luks-*


modify /usr/share/initramfs-tools/hooks/cryptroot

# A WARNING is not an ERROR, give me back my FOC
if printf '%s' "$OPTIONS" | grep -Eq '^(.*,)?rootdev(,.*)?$'; then
        #echo "cryptsetup: WARNING: root target $target uses a key file, skipped" >&2
        #return 1
        echo "cryptsetup: WARNING: root target $target uses a key file" >&2
# test whether a) key file is not on root fs
#           or b) root fs is not encrypted
elif [ "$(stat -c %m -- "$key" 2>/dev/null)" != / ] || ! node_or_pv_is_in_crypttab $rootdevs; then
        #echo "cryptsetup: WARNING: $target's key file $key is not on an encrypted root FS, skipped" >&2
        #return 1
        echo "cryptsetup: WARNING: $target's key file $key is not on an encrypted root FS" >&2
fi


then reinstall grub and remake the initrd.

To fix delays during boot\shutdown I had to totally remove 
/etc/init.d/cryptdisks and all references to it.
Having both cryptdisks-early and cryptdisks caused conflicts due to duplicated 
actions.
Simply disabling cryptdisks left K0cryptdisks references (BUG) that are then 
invoked on reboot\shutdown.
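
An added example, not part of the original message or of the cryptsetup packaging: a shell check that the settings listed in the message are in place and that the key file copied into the initramfs is readable by its owner only. The names `audit_cryptroot` and `make_sample_root`, the sample tree, and the `UMASK=0077` check in `/etc/initramfs-tools/initramfs.conf` are assumptions added here.

```shell
#!/bin/sh
# Added example. audit_cryptroot ROOT checks the files named in the message
# under ROOT ("" = live system) and returns the number of problems found.
audit_cryptroot() {
    root=${1:-}
    problems=0
    need() {  # need REGEX FILE: flag FILE if no line matches REGEX
        grep -Eq "$1" "$root$2" 2>/dev/null && return 0
        echo "PROBLEM: $2 has no line matching $1"
        problems=$((problems + 1))
    }
    need '^GRUB_ENABLE_CRYPTODISK=y' /etc/default/grub
    need '^KEYFILE_PATTERN=.' /etc/cryptsetup-initramfs/conf-hook
    # Assumption (not from the message): the initramfs embeds the key, so it
    # should be built with UMASK=0077 to keep it unreadable to other users.
    need '^UMASK=0077' /etc/initramfs-tools/initramfs.conf
    # Third crypttab field is the key file; it should be readable by owner only.
    while read -r name _dev key _opts; do
        case $name in ''|'#'*) continue ;; esac
        case $key in ''|none) continue ;; esac
        mode=$(stat -c %a -- "$root$key" 2>/dev/null) || mode=missing
        case $mode in
            400|600) ;;
            *) echo "PROBLEM: $name key file $key mode is $mode"
               problems=$((problems + 1)) ;;
        esac
    done < "$root/etc/crypttab"
    return "$problems"
}

# Build a constructed sample tree (placeholder UUID and key, not real values).
make_sample_root() {
    mkdir -p "$1/etc/default" "$1/etc/keys" "$1/etc/cryptsetup-initramfs" \
             "$1/etc/initramfs-tools"
    echo 'GRUB_ENABLE_CRYPTODISK=y' > "$1/etc/default/grub"
    echo 'KEYFILE_PATTERN=/etc/keys/luks-*' > "$1/etc/cryptsetup-initramfs/conf-hook"
    echo '# UMASK left at default' > "$1/etc/initramfs-tools/initramfs.conf"
    echo 'sdX_crypt UUID=PLACEHOLDER /etc/keys/luks-key_for_sdX_crypt luks,initramfs' \
        > "$1/etc/crypttab"
    echo 'constructed-not-a-key' > "$1/etc/keys/luks-key_for_sdX_crypt"
    chmod 644 "$1/etc/keys/luks-key_for_sdX_crypt"
}

# Demo on the constructed tree: reports the missing UMASK and the 644 key file.
demo=$(mktemp -d)
make_sample_root "$demo"
audit_cryptroot "$demo" || echo "$? problem(s) in the sample tree"
rm -rf "$demo"
```

Calling `audit_cryptroot ""` as root audits the running system instead of the sample tree.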
