Debian Full Disk Encryption: Does Debian Installer use LUKS 1 or 2?
As of Debian Buster, the installer uses the LUKS2 format. As described in the release notes...
The cryptsetup version shipped with Debian buster uses the new on-disk LUKS2 format. New LUKS volumes will use this format by default.
Please note that the GNU GRUB bootloader doesn't support the LUKS2 format yet. See the corresponding documentation for further information on how to install Debian 10 with encrypted boot. -source: https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#cryptsetup-luks2
The Debian documentation proceeds to describe work-arounds for getting full disk encryption to work on Buster.
Related videos on Youtube
Mike
Updated on September 18, 2022Comments
-
Mike over 1 year
During installation, whenever I put
/boot
inside an LVM on top of LUKS along with swap,/
and/home
, afterwards when I try to boot into it, it only gives me the minimal bash-likegrub
terminal. This doesn't happen when/boot
is left outside unencrypted.I'm opting for FDE so I want
/boot
to be inside the LVM on LUKS. So what gives? I reckon Debian Installer uses LUKS 2 or otherwise it messes up the install in some other way that's beyond the scope of my knowledge. I tried to find similar threads but no luck.-
frostschutz over 4 yearsyou tell us... what does cryptsetup luksDump say
-
-
pevik about 4 yearsFYI: grub2 got the support: git.savannah.gnu.org/cgit/grub.git/commit/…, not yet in Debian unstable.