On 8/28/20 12:35 PM, HardenedArray via Grub-devel wrote: > Hi Eli, > > Unless I missed what I said in this very long, convoluted LUKS2 IRC > history, I do not recall telling you that I could cryptomount from a > --type luks1 partition, simply because I had never had a reason to do > so.
2020-08-17 03:27:30 PM eschwartz what I mean to say is, for testing purposes it's useful to narrow down where grub might be failing 2020-08-17 03:28:16 PM eschwartz so instead of re-encrypting / and /boot with luks2, try adding a new disk, encrypted with luks2, and see if it can be mounted 2020-08-17 03:28:53 PM eschwartz this lets you test, in isolation, whether grub can decrypt luks2 in general 2020-08-17 03:30:42 PM eschwartz if that works, then you can follow on to the next stage -- seeing if the minimal grubx64.efi (or BIOS core.img embedded in the MBR) can handle luks2 when unlocking /boot (which is where extended modules are located) 2020-08-18 02:11:55 PM h4rd3n3D eschwartz: following up from yesterday, if this a sufficient test from your POV? From a LUKS1 Arch encrypted /boot system, I can easily mount a Fedora btrfs LUKS2 encrypted / partition. The reverse boot and mount case is also true. Both OSes run grub and can be independently booted. My assumption was, here, that you performed the fedora mount using the grub command line. In order to test grub. Did you instead test this using the Linux initramfs command line? That would test the linux "cryptsetup" program, a useless test. > Again, grub boots my luks1 encrypted /boot system without issue, > meaning I enter my passphrase at the grub (correct /dev/sda7 UUID) > prompt (and NOT the `grub rescue>`) prompt and then boot continues > until I reach KDE's SDDM login. > > What I think I told you is: once I'm logged into KDE on my luks1 > encrypted /boot system, I can easily mount another luks2 encrypted / > on another partition, be that Fedora or some other OS. No > cryptomount command or `grub rescue> prompt involved. Only entering > the correct LUKS passphrase is required. > > Hope that helps... -- Eli Schwartz Arch Linux Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel