Re: system drive encryption question
Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> writes:
> The version of GRUB included in Jessie at least can handle an encrypted
> /boot. However the Debian installer does not handle this case correctly.
> You must add the following line in /etc/default/grub in order for
> grub-install to install the core image with crypto modules and for
> update-grub to generate a proper grub.cfg :
> (not =1 or =true as seen on some documentation)
> The procedure in the post you point to is flawed in Debian Jessie : if
> you run update-grub or grub-mkconfig before adding the line in
> /etc/default/grub, it won't add the required "cryptomount" commands to
> open encrypted devices. Actually it is grub-mkconfig which is broken :
> if the line is present, it adds an cryptomount command in every menu
> entry, even when not needed (and generates boot-time errors). If the
> line is missing, it adds insmod commands to load crypto modules when
> needed but not the cryptomount commands.
I never said that it works on debian. I just wanted to point out that
it is not strictly necessary to have an unencrypted /boot partition.