[dm-crypt] Mildly OT: LUKS and the Debian installer
m at michaelranft.com
Tue May 22 21:58:21 CEST 2018
On Tuesday, 22 May 2018 00:50:39 CEST Diagon wrote:
> So I'm doing something that I've done many times with Ubuntu. That is,
> preparing my disks in the live system (usually /boot on a USB stick and
> / on luks, no partition table on that second drive), then running the
> install, and finally pivoting in to fix crypttab and update the initramfs.
> After many tries with the debian installer, I've almost been able to get
> this to work, though it does need some tending to to get there. The
> problem comes after I've pivoted in. I install cryptsetup, as I find
> that it's not there, and then correct crypttab/initramfs. Oddly, I find
> the initramfs does not include cryptsetup. Hmmm.
> I'm getting crickets on the Debian user list, but I figure someone here
> must have done something like this. Any hope I might find help?
I did a similar thing with ascii 2 weeks ago (and wheezy years ago) because
I wanted different cryptsetup parameters than the installer offered: plain-dm
(no LUKS), hash sha512 and size 512.
So I started the installer and did every step of it, including the
partitioning of crypted devices and choosing the modules for encryption etc.
I stopped right before "install base-system". I opened a shell and copied
_all_ installed files and dirs of the new system (under /target: crypttab
etc.) to secure them, then I destroyed the partitions with the unwanted
cryptsetup parameters, recreated them with the new params, and modified
crypttab as desired.
Then I proceeded with "install base system" and the following steps as usual.
A minor difference: I used plain-dm-crypt and an underlying software raid
(mdadm etc). System runs fine and performance is more than acceptable (x220/i5
with 850 pro/840evo).
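
Added example, not part of the original message: plain dm-crypt has no on-disk header, so the cipher, hash and key size used when the mapping was created exist only in crypttab, and this check flags plain entries that leave any of them to defaults. The device names, the cipher value and the rule that an entry without the `luks` option is treated as plain are assumptions made for the illustration; `cipher=`, `hash=` and `size=` are the Debian crypttab(5) option names.

```python
# Audit crypttab text for plain dm-crypt entries that do not pin
# cipher, hash and key size. Sample data below is constructed.
REQUIRED = ("cipher", "hash", "size")


def parse_crypttab(text):
    """Return a list of (target, source, keyfile, options-dict) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: target and source are mandatory
        keyfile = fields[2] if len(fields) > 2 else "none"
        opts = {}
        if len(fields) > 3:
            for item in fields[3].split(","):
                if item:
                    key, _, value = item.partition("=")
                    opts[key] = value  # flag options map to ""
        entries.append((fields[0], fields[1], keyfile, opts))
    return entries


def unpinned_plain_entries(text):
    """Map each plain-mode target to the parameters it fails to pin."""
    findings = {}
    for target, _source, _keyfile, opts in parse_crypttab(text):
        if "luks" in opts:
            continue  # LUKS keeps these parameters in its header
        # Assumption: anything not marked luks is handled as plain.
        missing = [name for name in REQUIRED if not opts.get(name)]
        if missing:
            findings[target] = missing
    return findings


# Constructed sample crypttab (hypothetical devices and targets).
SAMPLE = """\
# <target> <source device> <key file> <options>
root_crypt /dev/md1 none plain,cipher=aes-xts-plain64,hash=sha512,size=512
swap_crypt /dev/md2 /dev/urandom plain,swap,hash=sha512
data_crypt UUID=00000000-0000-0000-0000-000000000000 none luks
"""

if __name__ == "__main__":
    for name, missing in unpinned_plain_entries(SAMPLE).items():
        print(f"{name}: missing {', '.join(missing)}")
```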