Jonathan Hettwer <j24...@gmail.com> writes: > Package: partman-crypto > Version: 121 > Severity: normal > Tags: d-i > X-Debbugs-Cc: j24...@gmail.com > > Dear Maintainer, > > The `crypto_check_mountpoints` script prevents you from setting up an > encrypted root filesystem without an additional unencrypted /boot > filesystem. > While this may be a requirement for e.g. grub2, it is not > necessarily required when not using grub2 but using UKIs to build EFI > executables that can directly mount the encrypted root filesystem. > While UKIs aren't currently supported, I would still expect partman-crypto > to let me partition an encrypted root filesystem without separate /boot > filesystem, at least after having ignored the warnings or in combination > with the `nobootloader` udeb.
Quick note: systemd-boot works with kernel images + initramfs, without UKI. After the systemd-boot menu, the user is prompted for the master LUKS password, as usual, and I use the derived key script to then unlocks a couple LUKS volumes. No LVM, no /boot. It seems to work well, but yeah, it's not possible to do this with fresh install (I manually migrated an old installation to new hardware). Regards, Nicholas
signature.asc
Description: PGP signature
