Apologies: Forgot to add a subject line.
Hi,
Hoping someone can help me figure out how to pass the live-media device to the
linux kernel from GRUB, if the live-media is itself on a LUKS encrypted device.
Details below ...
I am trying to use Grub 2.00 (with Luks support enabled) to boot a Debian-live
system from an encrypted LUKS partition. /boot is also located in the encrypted
partition. I am using grub.cfg like below, and things work fine (with Grub
requesting a password for the encrypted file system and parsing grub.cfg,
displaying the menu, etc.). The problem arises with the linux command to load
the kernel. Loading the Debian-live based OS requires passing a reference to
the device hosting the root file system in the /live folder (via the
live-media kernel command-line parameter). I am passing this reference as
/dev/disk/by-uuid/<uuid-of-the-decrypted-fs>. The UUID I am using is the one
read by blkid when I mounted and decrypted this encrypted partition from
another Linux host. However, this does not work and from the GRUB and kernel
debugging output on the console, it appears to be because the path to the
decrypted fs device is invalid. If I mount and decrypt the LUKS partition from
a running Linux OS, this device is always created with the same UUID, so I
expected this to happen when GRUB decrypts the LUKS partition. Turns out not to
be the case.
Is there some way I can indicate to live-boot that the live-media is on a LUKS
encrypted device and needs to be decrypted first?
Here is my grub.cfg

    menuentry 'FDE Live' {
        set isofile="/ISOs/linux.iso"
        # The UUID for the encrypted LUKS partition as obtained by running blkid
        set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d"
        # The UUID for the decrypted ext4 fs in the LUKS partition
        set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"

        insmod part_msdos
        insmod loopback
        insmod iso9660
        insmod cryptodisk
        insmod luks

        echo 'Mounting encrypted disk ...'
        cryptomount -u ${encryptedfs_uuid}

        echo 'Searching for the root fs in the decrypted fs...'
        set root=(cryptouuid/${encryptedfs_uuid})
        search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}

        echo 'Setting up a loopback device to the CD image'
        loopback loop $root/$isofile
        set root=loop

        echo 'Loading Linux Kernel ...'
        linux /live/vmlinuz boot=live live-media=/dev/disk/by-uuid/${decryptedfs_uuid} fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128

        echo 'Loading initial ramdisk ...'
        initrd /live/initrd.img
    }

The problem is that at the time of loading the kernel, there is no device
/dev/disk/by-uuid/${decryptedfs_uuid}
Am just learning things as I go, so please do pardon me if this is a newbie
question and I have missed something obvious.
Regards,
Steve