Bug#1053678: partman-crypto: Requires separate /boot partition, even if not required

Jonathan Hettwer

Oct 8, 2023, 12:20:04 PM
Package: partman-crypto
Version: 121
Severity: normal
Tags: d-i
X-Debbugs-Cc: j24...@gmail.com

Dear Maintainer,

The `crypto_check_mountpoints` script prevents you from setting up an
encrypted root filesystem without an additional unencrypted /boot
filesystem.
While this may be a requirement for e.g. grub2, it is not
necessarily required when not using grub2 but using UKIs to build EFI
executables that can directly mount the encrypted root filesystem.
While UKIs aren't currently supported, I would still expect partman-crypto
to let me partition an encrypted root filesystem without separate /boot
filesystem, at least after having ignored the warnings or in combination
with the `nobootloader` udeb.

I would suggest letting users ignore the warning and continue if they
really want to, similar to the warning by LVM2.

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: bauen1-policy

Nicholas D Steeves

Oct 8, 2023, 6:10:05 PM
Jonathan Hettwer <j24...@gmail.com> writes:

> Package: partman-crypto
> Version: 121
> Severity: normal
> Tags: d-i
> X-Debbugs-Cc: j24...@gmail.com
>
> Dear Maintainer,
>
> The `crypto_check_mountpoints` script prevents you from setting up an
> encrypted root filesystem without an additional unencrypted /boot
> filesystem.
> While this may be a requirement for e.g. grub2, it is not
> necessarily required when not using grub2 but using UKIs to build EFI
> executables that can directly mount the encrypted root filesystem.
> While UKIs aren't currently supported, I would still expect partman-crypto
> to let me partition an encrypted root filesystem without separate /boot
> filesystem, at least after having ignored the warnings or in combination
> with the `nobootloader` udeb.

Quick note: systemd-boot works with kernel images + initramfs, without
UKI. After the systemd-boot menu, the user is prompted for the master
LUKS password, as usual, and I use the derived key script to then
unlock a couple of LUKS volumes. No LVM, no /boot. It seems to work
well, but yeah, it's not possible to do this with a fresh install (I
manually migrated an old installation to new hardware).

Regards,
Nicholas