[Wylug-discuss] Debian, GRUB, and crypto

mark mark at aktivix.org
Mon Jan 30 17:24:09 UTC 2012


Hi James

On 30/01/12 14:52, james riley wrote:
> 
> I've booted from grub before using someone's guide online, but on this
> install I let Debian handle full disk crypto. Unlike Debian-like
> systems I've played with, it requires the passphrase to boot, not just
> to access /home. I think this is why GRUB is saying that (hd0),
> (hd0,msdos1), (hd0,msdos5) are all unknown. Though one of these
> (msdos1 from memory, but I'm killing time before a lecture) contains
> /lost+found/ and /grub/.

I got myself into a similar predicament once.

"Full disk encryption" is great, and I generally recommend everyone do
it [1], but what you need to remember is that your /boot directory needs
to be on a different, unencrypted filesystem. If you let the Debian
installer follow its defaults, this will be in a different partition on
the same disk, but you could put it on another physical device if you want.

Anyhow, the important thing is that the unencrypted parts of your system
need to be configured to load the right modules (probably dmcrypt and
lvm2), otherwise you won't get the necessary entries in /dev/mapper/ to
mount your encrypted volume. If you've installed a new kernel, your
initramfs might be missing these components. Alternatively, your new
kernel might be trying to load modules built against the old libraries -
depending on what you did when you tried to move to unstable.

> 
> Otherwise, if I put a Debian unstable CD into the box, is there a way
> for it to keep the crypto filesystem, or at least /home?

Yes. Use the installer and make sure to load the lvm and crypto
components before you get to the partitioner, then drop to a shell and
issue 'cryptsetup luksOpen /dev/yourencryptedpartition target', give it
your password, then exit the shell. When you proceed with the
partitioner, your decrypted device should be at /dev/mapper/target/ and
you can do what you want with it.

HTH
Mark
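
The initramfs check suggested in the reply above, as an added example that is not part of the original message: it reads a file listing such as the output of `lsinitramfs /boot/initrd.img-<version>` and names the unlock components that are absent. The file names matched are the usual ones in a Debian initramfs-tools image and are an assumption here; both sample listings are constructed.

```shell
#!/bin/sh
# Added example: list the components an initramfs needs to open an
# encrypted LVM root, given a file listing on stdin. The function prints
# the missing ones and returns non-zero if any are missing.
missing_unlock_components() {
    listing=$(cat)
    missing=""
    # Each spec is "label|extended regex", split at the first '|'.
    for spec in \
        'dm-mod module|/dm-mod\.ko' \
        'dm-crypt module|/dm-crypt\.ko' \
        'cryptsetup binary|(^|/)sbin/cryptsetup$' \
        'lvm binary|(^|/)sbin/lvm$'
    do
        label=${spec%%|*}
        pattern=${spec#*|}
        if ! printf '%s\n' "$listing" | grep -Eq "$pattern"; then
            missing="${missing}${missing:+, }$label"
        fi
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Constructed listing: an image that can unlock the volume.
GOOD_LISTING='lib/modules/0.0.0-example/kernel/drivers/md/dm-mod.ko
lib/modules/0.0.0-example/kernel/drivers/md/dm-crypt.ko
sbin/cryptsetup
sbin/lvm'

# Constructed listing: an image rebuilt without the crypto pieces.
BROKEN_LISTING='lib/modules/0.0.0-example/kernel/drivers/md/dm-mod.ko
sbin/lvm
sbin/modprobe'

# Demo: inside "if", a non-zero return is handled rather than fatal.
if out=$(printf '%s\n' "$BROKEN_LISTING" | missing_unlock_components); then
    echo "initramfs has everything needed to unlock the root volume"
else
    echo "initramfs is missing: $out"
fi
```

On a real system, pipe the `lsinitramfs` output for the kernel that fails to boot into `missing_unlock_components` from a rescue shell or chroot.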


