Disclaimer: I never used a crypt setup myself, so I'm not an expert in this setup.
>>>>> On Wed, 4 Jan 2017 14:00:56 +0100, Kai Wilke <ki...@netzworkk.de> said: > my disk_config: > disk_config disk1 disklabel:gpt-bios bootable:1 > primary - 200 - - > primary - 8192 - - > primary - 0- - - > disk_config cryptsetup > swap swap /dev/sda2 swap sw lukscreateopts="-c aes-xts-plain64 -h sha512" > luks / /dev/sda3 ext4 rw lukscreateopts="-c aes-xts-plain64 -h sha512" > Executing: cryptsetup luksOpen /dev/sda3 crypt_dev_sda3 --key-file \ > /tmp/fai/crypt_dev_sda3 > Executing: mkfs.ext4 /dev/mapper/crypt_dev_sda3 > Boot partition cannot be encrypted > 1. Why "Boot partition cannot be encrypted", /dev/sda1 is Boot partition? /dev/sda1 is not the boot partition, because you did not specified a /boot partition. You forgot to specify a mount point for /dev/sda1. So / (= /dev/sda3) will be the boot partition (which hold vmlinuz and initrd. -- regards Thomas