I'm normally an Arch Linux user, but am now setting up a Debian-server (hence my first post here). My partition setup is:
- Code: Select all
/dev/sdb :
sdb1) 511 MB fat32, flags: boot,esp
sdb2) 1074 MB - LUKS1-encrypted for boot
sdb3) 254GB LVM2 inside a LUKS2-encrypted container
I've been running this type of setup for some years on Arch Linux and would like the same for my debian-server. I think (after a loong time) managed to install debian with this setup (wasn't easy: eventually found out that in the "Debian GNU/Linux UEFI Installer menu" choose "Advanced Options..." and "Graphical expert install" - otherwise you won't be able to use "cryptsetup luksOpen" from terminal, which is needed)... I think I can still boot from a USB-installer ("Graphical expert install") and I think I can then unlock the LUKS2-partition and chroot into it! My problem at the moment is GRUB: When I reboot the pc, I get into the GRUB emergency prompt (am using GNU GRUB version 2.02=dfsg1-20).
- Code: Select all
grub>
PROBLEM 1 (most urgent): It's wrong - GRUB should be asking for a password automatically, but it isn't asking for password... When the correct password is entered, it should show me the boot-menu with boot-options... I can get a bit further by doing:
- Code: Select all
cryptomount (hd3,gpt2)
set prefix=(crypto0)/grub
insmod normal
normal
PROBLEM 2 (please wait with this, until first problem is solved):
I can't boot, because the next step is that the LUKS2-header and keys for both LUKS-partitions should be stored within the initrd-image and then at least on Arch Linux I can make a pre-hook to automatically decrypt sdb3 using a special commandline which deals with the detached header-file. This I think is definately also possible on Debian - anyway, please help with Problem 1first...