You are not logged in.
Pages: 1
Thanks, I have added a note that the procedure is applicable/relevant to the netinst installation (which uses d-i).
No, just this one change was enough.
Hey, yes, there is 'luks' module loaded in grub and grub decrypts it. And yes, the key needs to be entered twice.
I believe this is the standard way how encryption of this type is set up, and one of alternatives is certainly, as you mention, to use signing instead of encryption.
Thanks!
The page:
http://techpubs.spinlocksolutions.com/d … ption.html
Explains how to set up Devuan with full disk encryption (including /boot) during system installation when using the netinst ISO image. (The netinst ISO uses debian-installer. The Live ISO uses Refracta, which can set up boot on an encrypted root partition without any manual work needed.)
The procedure explained here is done by entering shell and executing commands after everything has been installed but before user clicks "Finish installation".
The idea is that for the official/standard part of the installation, an unencrypted partition is created and /boot is placed on it.
Then after the installer is done installing files, user enters shell and moves boot files onto the main (encrypted) partition, and re-purposes the unencrypted /boot partition into an encrypted swap partition.
This way all goals are met (fully standard installation, with full disk encryption, and with swap, done in the same session as the installation).
Pages: 1