Debian Full Disk Encryption: Does Debian Installer use LUKS 1 or 2?


As of Debian Buster, the installer uses the LUKS2 format. As described in the release notes...

The cryptsetup version shipped with Debian buster uses the new on-disk LUKS2 format. New LUKS volumes will use this format by default.

Please note that the GNU GRUB bootloader doesn't support the LUKS2 format yet. See the corresponding documentation for further information on how to install Debian 10 with encrypted boot.

Source: https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#cryptsetup-luks2

The Debian documentation proceeds to describe work-arounds for getting full disk encryption to work on Buster.


Author: Mike

Updated on September 18, 2022
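
The format version that the answer refers to is stored in the first bytes of the LUKS header, and it is the same value `cryptsetup luksDump` prints as "Version". The following is an added example, not code from the answer or from Debian's documentation: it parses that header and applies the buster release-notes statement about GRUB. The function names are hypothetical and the two sample headers are constructed.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # primary header magic, shared by LUKS1 and LUKS2


def _cstr(raw):
    """Decode a NUL-padded fixed-width header field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_luks_header(buf):
    """Return a dict describing the LUKS header in buf, or None if it is not LUKS."""
    if len(buf) < 8 or buf[:6] != LUKS_MAGIC:
        return None
    (version,) = struct.unpack(">H", buf[6:8])  # big-endian u16 after the magic
    info = {"version": version}
    if version == 1 and len(buf) >= 104:
        # LUKS1: cipher-name[32], cipher-mode[32], hash-spec[32] follow the version
        info["cipher"] = _cstr(buf[8:40]) + "-" + _cstr(buf[40:72])
        info["hash"] = _cstr(buf[72:104])
    elif version == 2 and len(buf) >= 72:
        # LUKS2: hdr_size (u64), seqid (u64), label[48]; cipher details live in JSON
        info["hdr_size"], info["seqid"] = struct.unpack(">QQ", buf[8:24])
        info["label"] = _cstr(buf[24:72])
    return info


def grub_in_buster_can_unlock(info):
    """Per the buster release notes quoted above, GRUB there cannot read LUKS2."""
    return info is not None and info["version"] == 1


def read_header(path):
    """Read the start of a device or image file (usually needs root)."""
    with open(path, "rb") as f:
        return f.read(4096)


def _pad(text, width):
    return text.encode("ascii").ljust(width, b"\x00")


# Constructed sample headers (truncated to the fields parsed above).
SAMPLE_LUKS1 = (LUKS_MAGIC + struct.pack(">H", 1) + _pad("aes", 32)
                + _pad("xts-plain64", 32) + _pad("sha256", 32))
SAMPLE_LUKS2 = LUKS_MAGIC + struct.pack(">HQQ", 2, 16384, 3) + _pad("", 48)

if __name__ == "__main__":
    for name, hdr in (("luks1", SAMPLE_LUKS1), ("luks2", SAMPLE_LUKS2)):
        info = parse_luks_header(hdr)
        print(name, info, "GRUB (buster) can unlock:", grub_in_buster_can_unlock(info))
```

To check a real volume, pass the result of `read_header()` on the encrypted partition to `parse_luks_header()`.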

Comments

  • Mike over 1 year

    During installation, whenever I put /boot inside an LVM on top of LUKS along with swap, / and /home, afterwards when I try to boot into it, it only gives me the minimal bash-like grub terminal. This doesn't happen when /boot is left outside unencrypted.

    I'm opting for FDE so I want /boot to be inside the LVM on LUKS. So what gives? I reckon Debian Installer uses LUKS 2 or otherwise it messes up the install in some other way that's beyond the scope of my knowledge. I tried to find similar threads but no luck.

    • frostschutz over 4 years
      you tell us... what does cryptsetup luksDump say
  • pevik about 4 years
    FYI: grub2 got the support: git.savannah.gnu.org/cgit/grub.git/commit/…, not yet in Debian unstable.