[00:01:42] <frikinz> brutser: does it decrypt the whole disk or just mount it and decrypt on the fly? where is the decrypted disk stored? I don't really see how this could work tbh
[00:02:04] <theciaguy> See also "LUKS," "full disk encryption," etc.
[00:02:07] <dllbrt> poot, thanks. The programs were bibletime and Xiphos. I was fixing up an old system to be a kids' system for a family. Another quirk: I didn't find a general system administration package, just synaptic. I'd like to be able to do some system settings like Mageia has.
[00:02:10] <frikinz> oh it works with luks1 mmh
[00:02:12] <theciaguy> It works all day, every day, on millions of systems.
[00:02:13] <jelly> brutser: where precisely does this kernel panic happen? Maybe you just don't have luks things inside the initramfs image
[00:02:31] <brutser> frikinz: let's say it's /dev/sda that is encrypted with luks1 type - then grub2 is capable of decrypting it without kernel/initrd, just by adding the right modules
[00:02:32] <theciaguy> GRUB2 can directly unlock LUKS containers without an initramfs if the container is LUKS1.
[00:02:41] <brutser> theciaguy: yes, exactly
[00:02:51] <brutser> let me repeat what i wrote in the question >>
[00:02:53] <frikinz> brutser: yes but once you boot?
[00:03:16] <jelly> theciaguy: but the kernel needs to be able to decrypt/open it again itself.
[00:03:54] <brutser> yes, then i boot and i get grub rescue because no bootable device - i decrypt the /dev/sda with "cryptomount (ahci0)" which is the first ssd - that takes a bit of time, because grub decrypt is slow
[00:03:55] <theciaguy> jelly: And that should be easy to accomplish if the kernel/initramfs have the necessary things.
[00:04:40] <brutser> then i need to set root > "set root=crypto0" - (crypto0) is the decrypted /dev/sda - i can then do ls / and it shows me the root filesystem, everything good so far
[00:04:57] <brutser> now i need to set grub's boot parameters, so the kernel and initrd
[00:04:59] <jelly> brutser: where is your grub installed if the whole of /dev/sda is your luks device?
[00:05:13] <theciaguy> Oof. Don't use the bare device. DEFINITELY use a partition.
[00:05:16] <brutser> jelly: it's a coreboot with grub2 as payload
[00:05:21] <jelly> nice
[00:05:24] <brutser> so i guess it's on the bios
[00:06:17] <brutser> theciaguy: yea maybe you're right about that, but that is not causing the problem i think, but maybe i'm wrong
[00:06:34] <jelly> brutser: well this ought to work in theory. In practice however grub.cfg will be different than usual, and /etc/crypttab might be slightly different as well
[00:07:08] <brutser> jelly: yes, exactly, i cannot find an example, so i am trial-error-ing
[00:07:48] <brutser> I need to point to the kernel and initrd, so > "linux /vmlinuz root=/ ro quiet" - i wonder if that's the correct line "root=/" seems a bit weird
[00:08:31] <brutser> but the kernel panic most likely comes from crypttab being wrong
[00:08:54] <brutser> anyway, i will continue trial-error :)
[00:09:01] <jelly> brutser: you need to tell the kernel where the device with your root filesystem will be, and root=/ ... / is not a valid device path
[00:09:48] <jelly> brutser: /dev/mapper/crypto0 might be a valid device path. or /dev/mapper/vgname-lvname
[00:09:49] <brutser> jelly: yea, but when grub2 decrypts the /dev/sda it creates a (crypto0) device (?)
[00:09:57] <brutser> oh ok
[00:10:04] <jelly> what grub calls it is not relevant.