[dm-crypt] Mildly OT: LUKS and the Debian installer

Michael Ranft m at michaelranft.com
Tue May 22 21:58:21 CEST 2018

On Dienstag, 22. Mai 2018 00:50:39 CEST Diagon wrote:
> So I'm doing something that I've done many times with Ubuntu.  That is,
> preparing my disks in the live system (usually /boot on a USB stick and
> / on luks, no partition table on that second drive), then running the
> install, and finally pivoting in to fix crypttab and update the initramfs.
> After many tries with the debian installer, I've almost been able to get
> this to work, though it does need some tending to to get there.  The
> problem comes after I've pivoted in.  I install cryptsetup, as I find
> that it's not there, and then correct crypttab/initramfs.  Oddly, I find
> the initramfs does not include cryptsetup.  Hmmm.
> I'm getting crickets on the Debian user list, but I figure someone here
> must have done something like this.  Any hope I might find help?
> /D

I did a similar thing with ascii 2 weeks ago (and wheezy years ago, ) because 
I wanted different cryptsetup parameters than the installer offered: plain-dm 
(no LUKS), hash sha512 and size 512.
So I started the installer and did every step of it, including the 
partitioning of crypted devices and choosing the modules for encryption etc 
I stopped right before "install base-system". I opened a shell and copied 
_all_ installed files and dirs of the new system (under /target: crypttab 
etc). to secure them, then I destroyed the partitions with the unwanted 
cryptsetup parameters and recreated them with the new params, modified 
crypttab as desired.
Then I proceeded with "install base system" and the following steps as usual.
A minor difference: I used plain-dm-crypt and an underlying software raid 
(mdadm etc). System runs fine and performance is more than acceptable (x220/i5 
with 850 pro/840evo).

More information about the dm-crypt mailing list