Web lists-archives.com

Re: Won't boot if /, home, swap are encrypted




On 10/21/18 6:25 AM, D&P Dimov wrote:
> I did a new install of latest Debian 9.5 stable on a new Dell laptop. Debian is the only OS there now. If I encrypt /, home, and swap, it won't boot after install. If I leave them unencrypted, it boots fine. What am I missing?
> Thanks!
> 

Did you remember to make an unencrypted /boot partition? The Debian
installer does not support encrypted /boot partition, you will need to
leave it unencrypted.

For example, see my current partition table:

matthew@matt-tower:~$ lsblk
NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                     8:0    0 465.8G  0 disk
├─sda1                  8:1    0 953.7M  0 part  /boot
├─sda2                  8:2    0     1K  0 part
└─sda5                  8:5    0 464.8G  0 part
  └─sda5_crypt        254:0    0 464.8G  0 crypt
    ├─root--swap-root 254:1    0   447G  0 lvm   /
    └─root--swap-swap 254:2    0  17.8G  0 lvm   [SWAP]
sdb                     8:16   0 931.5G  0 disk
└─sdb1                  8:17   0 931.5G  0 part
  └─sdb1_crypt        254:3    0 931.5G  0 crypt
    └─home-home       254:4    0 931.5G  0 lvm   /home

/boot is its own unencrypted partition, root and swap are in a LUKS
encryption, and /home is on its own hard disk (and also LUKS encrypted)