Hi Patrick,
Thank you for taking the time to have a look and if that LUKS2 unlocking
process seems useful, please feel free to copypasta it, as needed.
Surely, I understand on the changing partitions part, which is why I attempted
to keep `/dev/sdXYZ` as generic as possible.
Furthermore, I am
On Sun, Aug 30, 2020 at 08:19:08PM +0200, Patrick Steinhardt wrote:
> On Sun, Aug 30, 2020 at 03:30:39PM +, HardenedArray via Grub-devel wrote:
> > Patrick, I've also noted Eli's further input, immediately below.
> >
> > Given that you now know exactly how I've encrypted / and how I unlock
>
On Sun, Aug 30, 2020 at 03:30:39PM +, HardenedArray via Grub-devel wrote:
> As a direct consequence of your valuable `--modules=` input, I have
> taken the time and attempted to carefully document my entire LUKS2
> unlocking encrypted /boot process for the benefit of others, similarly
>
On Sat, Aug 29, 2020 at 09:38:53PM -0400, Eli Schwartz wrote:
> On 8/29/20 1:47 PM, Patrick Steinhardt wrote:
> > This is usually done automatically by GRUB when starting. But as it'll
> > not know to first decrypt the volume, it fails executing both of those
> > commands just to show you the
Hi Patrick,
As a direct consequence of your valuable `--modules=` input, I have taken the
time and attempted to carefully document my entire LUKS2 unlocking encrypted
/boot process for the benefit of others, similarly situated.
My procedure and comments are posted at:
On 8/29/20 1:47 PM, Patrick Steinhardt wrote:
> This is usually done automatically by GRUB when starting. But as it'll
> not know to first decrypt the volume, it fails executing both of those
> commands just to show you the rescue prompt afterwards. So they are left
> to you now after manually
On Sat, Aug 29, 2020 at 04:27:11PM +, HardenedArray via Grub-devel wrote:
> Patrick,
>
> I truly appreciate your deep knowledge of grub, and I am happy to report I
> think we have a working LUKS2 encrypted /boot solution based on your input!
Glad it worked!
[snip]
> From this still sad
Patrick,
I truly appreciate your deep knowledge of grub, and I am happy to report I
think we have a working LUKS2 encrypted /boot solution based on your input!
As I told everyone here, previously:
I originally encrypted my / partition with: `cryptsetup -c aes-xts-plain64 -h
sha512 -s 512
Hi,
On Sat, Aug 29, 2020 at 09:00:41AM +, HardenedArray wrote:
>
> Hi Patrick,
>
> Yes, I am on the mailing list.
Okay. I'm re-adding the ML to the recipients.
> I tried appending all the modules you mentioned below to `--modules=`
>
> However, when I ran `grub-install
On Fri, 28 Aug 2020 15:28:41 +
HardenedArray via Grub-devel wrote:
> I run Arch Linux as an encrypted /, /boot and swap system. That
> encrypted /boot is nothing more than a folder under /, however two
> Keyslots are required to boot.
>
> If I understand the boot process correctly, LUKS
Eli,
Sorry if you misunderstood how I decrypted a LUKS2 / from a booted LUKS1
encrypted /boot Arch system.
No CLI, nor initramfs was involved.
I merely booted my LUKS1 encrypted /boot, logged into SDDM, then used KDE's
Dolphin to unlock another LUKS2 / partition. And, of course, grub can
On 8/28/20 12:51 PM, Patrick Steinhardt wrote:
> If that's the case, then this is entirely expected right now.
> grub-install doesn't yet include the required modules automatically for
> LUKS2 support. There is ongoing work to enable this, first by
> recognizing LUKS2 devices at all [1,2]. But
On 8/28/20 12:35 PM, HardenedArray via Grub-devel wrote:
> Hi Eli,
>
> Unless I missed what I said in this very long, convoluted LUKS2 IRC
> history, I do not recall telling you that I could cryptomount from a
> --type luks1 partition, simply because I had never had a reason to do
> so.
On Fri, Aug 28, 2020 at 11:37:24AM -0400, Eli Schwartz wrote:
> On 8/28/20 11:28 AM, HardenedArray via Grub-devel wrote:
> > I run Arch Linux as an encrypted /, /boot and swap system. That
> > encrypted /boot is nothing more than a folder under /, however two
> > Keyslots are required to boot.
> >
Hi Eli,
Unless I missed what I said in this very long, convoluted LUKS2 IRC history, I
do not recall telling you that I could cryptomount from a --type luks1
partition, simply because I had never had a reason to do so.
Again, grub boots my luks1 encrypted /boot system without issue, meaning I
On 8/28/20 11:28 AM, HardenedArray via Grub-devel wrote:
> I run Arch Linux as an encrypted /, /boot and swap system. That
> encrypted /boot is nothing more than a folder under /, however two
> Keyslots are required to boot.
>
> If I understand the boot process correctly, LUKS Keyslot 1 is used
I run Arch Linux as an encrypted /, /boot and swap system. That encrypted /boot
is nothing more than a folder under /, however two Keyslots are required to
boot.
If I understand the boot process correctly, LUKS Keyslot 1 is used by grub to
unlock /boot, then control is handed off to the kernel