Encrypted boot disk

New to Debian (Or Linux in general)? Ask your questions here!

Encrypted boot disk

Postby alikzn101 » 2020-11-06 22:53

Hi Guys

Are there any methods to boot from a encrypted boot disk without putting in the password manually ? Is there an online option to get the passphrase accepted ?

Thanks
Al
alikzn101
 
Posts: 11
Joined: 2020-10-09 01:06

Re: Encrypted boot disk

Postby p.H » 2020-11-07 07:09

I'm afraid not. From https://www.gnu.org/software/grub/manua ... figuration :
‘GRUB_ENABLE_CRYPTODISK’

If set to ‘y’, grub-mkconfig and grub-install will check for encrypted disks and generate additional commands needed to access them during boot. Note that in this case unattended boot is not possible because GRUB will wait for passphrase to unlock encrypted container.


Or do you actually mean "mount an encrypted root filesystem" after booting from an unencrypted /boot filesystem ?
p.H
 
Posts: 1512
Joined: 2017-09-17 07:12

Re: Encrypted boot disk

Postby alikzn101 » 2020-11-07 13:33

p.H wrote:Note that in this case unattended boot is not possible because GRUB will wait for passphrase to unlock encrypted container.


So I guess the correct term is unattended boot on an encrypted partition.
I read somewhere that and online service can be called to allow the system to boot, but I cannot find that info anymore.

So how would a customer on cloud provider boot on an encrypted partition?
alikzn101
 
Posts: 11
Joined: 2020-10-09 01:06

Re: Encrypted boot disk

Postby sickpig » 2020-11-07 19:02

You can add the root unlock luks key in initramfs by specifying its location in /etc/cryptsetup-initramfs/conf-hook AND then regenerate initramfs.

As far as /boot is concerned I do not suppose that is encrypted on instances provided in public cloud.

I did not find 'insmod cryptodisk' in grub.cfg on any of my encrypted instances in different public clouds.

edit - Also did not find 'GRUB_ENABLE_CRYPTODISK=y' in /etc/default/grub
User avatar
sickpig
 
Posts: 589
Joined: 2019-01-23 10:34


Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable