Control: tags -1 patch On Sun, 08 Oct 2023 17:57:01 -0400 Nicholas D Steeves <s...@debian.org> wrote: > Jonathan Hettwer <j24...@gmail.com> writes: > > > Package: partman-crypto > > Version: 121 > > Severity: normal > > Tags: d-i > > X-Debbugs-Cc: j24...@gmail.com > > > > Dear Maintainer, > > > > The `crypto_check_mountpoints` script prevents you from setting up an > > encrypted root filesystem without an additional unencrypted /boot > > filesystem. > > While this may be a requirement for e.g. grub2, it is not > > necessarily required when not using grub2 but using UKIs to build EFI > > executables that can directly mount the encrypted root filesystem. > > While UKIs aren't currently supported, I would still expect partman-crypto > > to let me partition an encrypted root filesystem without separate /boot > > filesystem, at least after having ignored the warnings or in combination > > with the `nobootloader` udeb. > > Quick note: systemd-boot works with kernel images + initramfs, without > UKI. After the systemd-boot menu, the user is prompted for the master > LUKS password, as usual, and I use the derived key script to then > unlocks a couple LUKS volumes. No LVM, no /boot. It seems to work > well, but yeah, it's not possible to do this with fresh install (I > manually migrated an old installation to new hardware).
Pending at: https://salsa.debian.org/installer-team/partman-crypto/-/merge_requests/8 Test iso built by CI can be found here: https://salsa.debian.org/bluca/partman-crypto/-/jobs/5694502/artifacts/browse/debian/output/ Any help testing would be welcome -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part