grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can grub-git be used to decrypt a LUKS2 encrypted partition? Testing

From: Eli Schwartz
Subject: Re: Can grub-git be used to decrypt a LUKS2 encrypted partition? Testing Results
Date: Sat, 29 Aug 2020 21:38:53 -0400 
On 8/29/20 1:47 PM, Patrick Steinhardt wrote:
> This is usually done automatically by GRUB when starting. But as it'll
> not know to first decrypt the volume, it fails executing both of those
> commands just to show you the rescue prompt afterwards. So they are left
> to you now after manually decrypting. I could've added a note up-front
> to spare you the hours-long research, but it got so natural to me that I
> completely forgot.
> 
> You should be able to manually create a bootable image with GRUB with
> `grub-mkimage`. The upside of this is that you can add your own early
> configuration to automatically decrypt and do the `normal` dance. I
> didn't care enought to do that myself yet, though, so I can't provide a
> working invocation of that.

Is grub-install failing to add the relevant cryptomount invocation in
the embedded stub, due to not realizing luks2 can be decrypted like that?

I wonder if you could hack this to work by relying on autodetection with
grub-install --modules="..." to force luks2 modules to be included, but
with a luks1 "/" root partition. Then *after*, convert the partition
from luks1 to luks2. The grubx64.efi image should both support luks2 due
to manually added modules, AND automatically Do The Right Thing with the
generic cryptomount command.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]