On 8/29/20 1:47 PM, Patrick Steinhardt wrote: > This is usually done automatically by GRUB when starting. But as it'll > not know to first decrypt the volume, it fails executing both of those > commands just to show you the rescue prompt afterwards. So they are left > to you now after manually decrypting. I could've added a note up-front > to spare you the hours-long research, but it got so natural to me that I > completely forgot. > > You should be able to manually create a bootable image with GRUB with > `grub-mkimage`. The upside of this is that you can add your own early > configuration to automatically decrypt and do the `normal` dance. I > didn't care enought to do that myself yet, though, so I can't provide a > working invocation of that.
Is grub-install failing to add the relevant cryptomount invocation in the embedded stub, due to not realizing luks2 can be decrypted like that? I wonder if you could hack this to work by relying on autodetection with grub-install --modules="..." to force luks2 modules to be included, but with a luks1 "/" root partition. Then *after*, convert the partition from luks1 to luks2. The grubx64.efi image should both support luks2 due to manually added modules, AND automatically Do The Right Thing with the generic cryptomount command. -- Eli Schwartz Arch Linux Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel