7[00:01:42] <frikinz> brutser: does it decrypt the whole disk or just mount it and decrypts on the fly? where is the decrypted disk stored? I don't really see how this could work tbh
8[00:02:04] <theciaguy> See also "LUKS," "full disk encryption," etc.
9[00:02:07] <dllbrt> poot, thanks. The programs were bibletime and Xiphos. I was fixing up an old system to be a kids' system for a family. Another quirk: I didn't find a general systm administration package, just synaptic. I'd like to be able to do some system setting like Mageia has.
10[00:02:10] <frikinz> oh it works with luks1 mmh
11[00:02:12] <theciaguy> It works all day, every day, on millions of systems.
12[00:02:13] <jelly> brutser: where precisely does this kernel panic happen? Maybe you just don't have luks things inside the initramfs image
13[00:02:31] <brutser> frikinz: let's say it's /dev/sda that is encrypted with luks1 type - then grub2 is capable of decrypting it without kernel/initrd, just by adding the right modules
14[00:02:32] <theciaguy> GRUB2 can directly unlock LUKS containers without an initramfs if the container is LUKS1.
15[00:02:41] <brutser> theciaguy: yes exact
16[00:02:51] <brutser> let me repeat what i wrote in the question >>
17[00:02:53] <frikinz> brutser: yes but once you boot?
18[00:03:16] <jelly> theciaguy: but the kernel needs to be able to decrpt/open it again itself.
21[00:03:39] *** Quits: television (~alex@replaced-ip) (Read error: Connection reset by peer)
22[00:03:54] <brutser> yes, then i boot and i get grub rescue because no bootable device - i decrypt the /dev/sda with "cryptomount (ahci0)" which is the first ssd - that takes a bit of time, because grub decrypt is slow
23[00:03:55] <theciaguy> jelly: And that should be easy to accomplish if the kernel/initramfs have the necessary things.
24[00:04:40] <brutser> then i need to set root > "set root=crypto0" - (crypto0) is the decrypted /dev/sda - i can then do ls / and it show me the root filesystem , everything good so far
25[00:04:57] <brutser> now i need to set grub's boot parameters, so the kernel and initrd
26[00:04:59] <jelly> brutser: where is your grub installed if the whole of /dev/sda is your luks device?
27[00:05:13] <theciaguy> Oof. Don't use the bare device. DEFINITELY use a partition.
28[00:05:16] <brutser> jelly: it's a coreboot with grub2 as payload
29[00:05:21] <jelly> nice
30[00:05:24] <brutser> so i guess it's on the bios