grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can grub-git be used to decrypt a LUKS2 encrypted partition? Testing

From: Patrick Steinhardt
Subject: Re: Can grub-git be used to decrypt a LUKS2 encrypted partition? Testing Results
Date: Sat, 29 Aug 2020 19:47:41 +0200 
On Sat, Aug 29, 2020 at 04:27:11PM +0000, HardenedArray via Grub-devel wrote:
> Patrick,
> 
> I truly appreciate your deep knowledge of grub, and I am happy to report I 
> think we have a working LUKS2 encrypted /boot solution based on your input!

Glad it worked!

[snip]
> From this still sad NON-BOOTED state of affairs, it merely took me hours of 
> research to undig myself from this self-inflicted grave!
> 
> from `grub rescue>` type:  'insmod normal'
> 
> from `grub rescue>` type:  'normal'
> 
> That should launch your typical/welcome Arch Linux and Advanced options for 
> Arch Linux screen as controlled by /etc/default/grub and by X.

This is usually done automatically by GRUB when starting. But as it'll
not know to first decrypt the volume, it fails executing both of those
commands just to show you the rescue prompt afterwards. So they are left
to you now after manually decrypting. I could've added a note up-front
to spare you the hours-long research, but it got so natural to me that I
completely forgot.

You should be able to manually create a bootable image with GRUB with
`grub-mkimage`. The upside of this is that you can add your own early
configuration to automatically decrypt and do the `normal` dance. I
didn't care enought to do that myself yet, though, so I can't provide a
working invocation of that.

Patrick

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]