7[00:01:42] <frikinz> brutser: does it decrypt the whole disk
or just mount it and decrypts on the fly? where is the decrypted
disk stored? I don't really see how this could work tbh
8[00:02:04] <theciaguy> See also "LUKS," "full
disk encryption," etc.
9[00:02:07] <dllbrt> poot, thanks. The programs were bibletime
and Xiphos. I was fixing up an old system to be a kids' system
for a family. Another quirk: I didn't find a general system
administration package, just synaptic. I'd like to be able to
do some system setting like Mageia has.
10[00:02:10] <frikinz> oh it works with luks1 mmh
11[00:02:12] <theciaguy> It works all day, every day, on
millions of systems.
12[00:02:13] <jelly> brutser: where precisely does this kernel
panic happen? Maybe you just don't have luks things inside the
initramfs image
13[00:02:31] <brutser> frikinz: let's say it's
/dev/sda that is encrypted with luks1 type - then grub2 is capable
of decrypting it without kernel/initrd, just by adding the right
modules
14[00:02:32] <theciaguy> GRUB2 can directly unlock LUKS
containers without an initramfs if the container is LUKS1.
15[00:02:41] <brutser> theciaguy: yes exact
16[00:02:51] <brutser> let me repeat what i wrote in the
question >>
17[00:02:53] <frikinz> brutser: yes but once you boot?
18[00:03:16] <jelly> theciaguy: but the kernel needs to be able
to decrypt/open it again itself.
21[00:03:39] *** Quits: television (~alex@replaced-ip) (Read error: Connection reset by peer)
22[00:03:54] <brutser> yes, then i boot and i get grub rescue
because no bootable device - i decrypt the /dev/sda with
"cryptomount (ahci0)" which is the first ssd - that takes
a bit of time, because grub decrypt is slow
23[00:03:55] <theciaguy> jelly: And that should be easy to
accomplish if the kernel/initramfs have the necessary things.
24[00:04:40] <brutser> then i need to set root > "set
root=crypto0" - (crypto0) is the decrypted /dev/sda - i can
then do ls / and it show me the root filesystem, everything good so
far
25[00:04:57] <brutser> now i need to set grub's boot
parameters, so the kernel and initrd
26[00:04:59] <jelly> brutser: where is your grub installed if
the whole of /dev/sda is your luks device?
27[00:05:13] <theciaguy> Oof. Don't use the bare device.
DEFINITELY use a partition.
28[00:05:16] <brutser> jelly: it's a coreboot with grub2
as payload
29[00:05:21] <jelly> nice
30[00:05:24] <brutser> so i guess it's on the bios
34[00:06:17] <brutser> theciaguy: yea maybe you right abt that,
but that is not causing the problem i think, but maybe i'm
wrong
35[00:06:34] <jelly> brutser: well this ought to work in
theory. In practice however grub.cfg will be different than usual,
and /etc/crypttab might be slightly different as well
37[00:07:08] <brutser> jelly: yes exact, i cannot find an
example, so i am trial-error-ing
38[00:07:48] <brutser> I need to point to the kernel and
initrd, so > "linux /vmlinuz root=/ ro quiet" - i
wonder if that's the correct line "root=/" seems a
bit weird
39[00:08:31] <brutser> but the kernel panic most likely come
from crypttab being wrong
40[00:08:54] <brutser> anyway, i will continue trial-error :)
41[00:09:01] <jelly> brutser: you need to tell the kernel where
the device with your root filesystem will be, and root=/ ... / is
not a valid device path
42[00:09:02] *** debhelper sets mode: +l 1543
43[00:09:48] <jelly> brutser: /dev/mapper/crypto0 might be a
valid device path. or /dev/mapper/vgname-lvname
44[00:09:49] <brutser> jelly: yea, but when grub2 decrypt the
/dev/sda it create a (crypto0) device (?)
45[00:09:57] <brutser> oh ok
46[00:10:04] <jelly> what grub calls it is not relevant.