debian-user:
I have a desktop computer with an Intel DQ67SW motherboard and an Intel
SSD 520 Series 60 GB system drive connected to the first SATA port.
I downloaded:
debian-10.6.0-amd64-xfce-CD-1.iso
I verified the GPG signature on the checksum file and verified the
checksum on the ISO file.
I burned the ISO file to a USB flash drive and verified the checksum of
the burned image.
The motherboard firmware is configured for BIOS mode. When I ran the
Debian Installer (d-i), it came up in BIOS mode. I chose 'manual'
partitioning:
Encrypted volume (sdb2_crypt) - 1.0 GB Linux device-mapper (crypt)
    #1 1.0 GB f swap swap
Encrypted volume (sdb3_crypt) - 12.0 GB Linux device-mapper (crypt)
    #1 12.0 GB f ext4 /
SCSI5 (0,0,0) (sdb) - 60.0 GB ATA INTEL SSDSC2CW06
    #1 primary 999.3 MB B F ext4 /boot
    #2 primary 1.0 GB K crypto (sdb2_crypt)
    #3 primary 12.0 GB K crypto (sdb3_crypt)
    46.0 GB FREESPACE
Note that the system drive is 'sdb' (the USB drive was 'sda').
I learned a long time ago that the system drive should be 'sda' during
installation, or bad things can happen.
I tried moving the USB flash drive to various USB ports and changing
CMOS Setup settings, but was unable to find a configuration whereby the
system drive was 'sda' and the USB drive was 'sdb'.
So, I proceeded with the install.
Upon rebooting, I entered the LUKS passphrase for sdb3_crypt.
Boot continued, and then hung at:
cryptsetup: Waiting for encrypted source device sdb2_crypt
After a timeout, the boot manager started BusyBox. As expected, the
system drive is now /dev/sda.
I mounted sdb3_crypt at /mnt. I commented out the 'sdb2_crypt' entry in
crypttab(5):
#sdb2_crypt /dev/sdb2 /dev/urandom cipher=aes-xts-plain64,size=256,swap
I commented out the 'sdb2_crypt' entry in fstab(5).
#/dev/mapper/sdb2_crypt none swap sw
I then rebooted. Same problem:
cryptsetup: Waiting for encrypted source device sdb2_crypt
It appears:
1. d-i still puts the kernel enumeration device node for random
encrypted partitions into crypttab(5). This is brittle, and fails if
the device node changes.
A better solution is to use one of the /dev/disk/by-*/* nodes. For example:
sdb2_crypt /dev/disk/by-partuuid/007a0565-02 /dev/urandom cipher=aes-xts-plain64,size=256,swap
2. The Debian boot loader does not read crypttab(5) and/or fstab(5)
from the root partition (?!!!).
Does Debian put these settings in initrd(4)? Do I need to run
update-initramfs(8) in the bootloader BusyBox and/or d-i rescue shell if
I change crypttab(5) and/or fstab(5)?
A better solution is to put the relevant information in exactly one
location -- /etc/crypttab and /etc/fstab -- and read it from everywhere;
including the bootloader.
Comments? Explanations? Suggestions?
David
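
An added example, not part of the original message: a Python lint for crypttab(5) that flags source devices given as kernel enumeration names, like the /dev/sdb2 entry quoted above. The sample file contents, the all-zero UUID, the extra entry names and the severity labels are constructed for illustration.

```python
import re

# Kernel enumeration names (sdX, hdX, vdX, xvdX, nvme, mmcblk); their
# assignment can differ between the installer and the installed system.
KERNEL_NAME = re.compile(
    r"^/dev/(?:[shv]d[a-z]+\d*|xvd[a-z]+\d*"
    r"|nvme\d+n\d+(?:p\d+)?|mmcblk\d+(?:p\d+)?)$")
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

# Constructed sample; line 2 is the entry form quoted in the post.
SAMPLE = """\
# <target name> <source device> <key file> <options>
sdb2_crypt /dev/sdb2 /dev/urandom cipher=aes-xts-plain64,size=256,swap
sdb3_crypt UUID=00000000-0000-0000-0000-000000000000 none luks
#old_crypt /dev/sdc1 none luks
swap_ok /dev/disk/by-partuuid/007a0565-02 /dev/urandom cipher=aes-xts-plain64,size=256,swap
data_crypt /dev/sda5 none luks
"""

def parse_crypttab(text):
    """Yield (lineno, name, source, keyfile, options) for active entries."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        yield lineno, fields[0], fields[1], keyfile, options

def audit(text):
    """Return (lineno, name, source, severity) for unstable source devices."""
    findings = []
    for lineno, name, source, keyfile, options in parse_crypttab(text):
        if not KERNEL_NAME.match(source):
            continue  # UUID=, PARTUUID=, /dev/disk/by-*/... are not flagged
        # A random key with the swap option means the mapping is created
        # afresh and mkswap is run on it at every boot, so whichever
        # partition currently holds this name gets overwritten.
        risky = keyfile in RANDOM_KEYS and "swap" in options
        findings.append((lineno, name, source, "high" if risky else "medium"))
    return findings

if __name__ == "__main__":
    for lineno, name, source, severity in audit(SAMPLE):
        print(f"line {lineno}: {name} uses {source} [{severity}]")
```

To check a real system, pass the contents of /etc/crypttab to `audit()` instead of `SAMPLE`.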