Debian Full Disk Encryption: Does Debian Installer use LUKS 1 or 2?

debian boot encryption luks
6,056

As of Debian Buster, the installer uses the LUKS2 format. As described in the release notes...

The cryptsetup version shipped with Debian buster uses the new on-disk LUKS2 format. New LUKS volumes will use this format by default.

Please note that the GNU GRUB bootloader doesn't support the LUKS2 format yet. See the corresponding documentation for further information on how to install Debian 10 with encrypted boot. -source: https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#cryptsetup-luks2

The Debian documentation proceeds to describe work-arounds for getting full disk encryption to work on Buster.

Share:
6,056

Related videos on Youtube

Mike
Author by

Mike

Updated on September 18, 2022

Comments

  • Mike
    Mike almost 2 years

    During installation, whenever I put /boot inside an LVM on top of LUKS along with swap, / and /home, afterwards when I try to boot into it, it only gives me the minimal bash-like grub terminal. This doesn't happen when /boot is left outside unencrypted.

    I'm opting for FDE so I want /boot to be inside the LVM on LUKS. So what gives? I reckon Debian Installer uses LUKS 2 or otherwise it messes up the install in some other way that's beyond the scope of my knowledge. I tried to find similar threads but no luck.

    • frostschutz
      frostschutz over 4 years
      you tell us... what does cryptsetup luksDump say
  • pevik
    pevik about 4 years
    FYI: grub2 got the support: git.savannah.gnu.org/cgit/grub.git/commit/…, not yet in Debian unstable.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Won't boot (drop to busybox) after kernel upgrade (with encrypted disks)
Full System encryption with LUKS on headless server - unlock with dropbear and busybox. How?
Reinstall to existing encrypted partitions
How to repair /boot on LUKS encrypted harddrive?
LUKS keyscript being ignored ... asks for password
Warnings about cryptsetup on new Ubuntu 17.10 installation?
Cannot enter password to start Ubuntu
How do I automatically decrypt an encrypted filesystem on the next reboot?
Automatically unlock LUKS partition using a key on an USB drive on Debian Jessie
Ubuntu 13.10 - How to disable LVM and cryptsetup? cryptsetup: evms_activate is not available