Encrypted multiboot usb / adding cryptsetup to initrd
0
votes
0
answers
132
views
I'm trying to create a multiboot usb drive for Debian images including a live system, netinst, and DVD-1 iso.
I've got as far as creating the partitions
1. EFI fat32
2. Boot luks2
3. ISOs luks2
Then I install grub targeting the efi and boot partitions, add a vmlinuz and initrd to the boot partition along with a custom grub.cfg.
Grub successful unlocks the boot partition and then runs the kernel. However, at this point I can't get the kernel to unlock the ISOs partition where the iso images are.
As far as I understand it, the initrd file downloaded from:
https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/hd-media/
does not include support for cryptsetup, nor does any other initrd image I've tried. It looks like I need to edit or make my own. My host system (also Debian) is able to unlock a luks partition so it is obviously possible, but I don't know the steps to take to set this up on a usb drive.
My
grub.cfg menuentries look a bit like:
# Workaround for "out of memory" error
rmmod tpm
menuentry "Install" {
set isofile="/debian-${VERSION}-amd64-${installer}.iso"
set options="cryptdevice=UUID=${cryptuuid}:luks root=/dev/mapper/luks quiet splash"
linux /vmlinuz iso-scan/filename=$isofile $options
initrd /initrd.img
}
menuentry "Live" {
loopback loop ($root)$isofile
linux (loop)/live/vmlinuz boot=live findiso=$isofile
initrd (loop)/live/initrd.img
}debootstrap and then chroot, installing a few things and then using mkinitramfs, however it doesn't load properly
> Gave up waiting for root file system device. Common problems:
...
ALERT! /dev/mapper/luks does not exist. Dropping to a shell!
Asked by a2k42
(131 rep)
Nov 5, 2024, 01:57 PM
Last activity: Nov 5, 2024, 04:54 PM
Last activity: Nov 5, 2024, 04:54 PM