
How to Encrypt Root - Manual Partition?


#1

I’m doing a manual partition in order to encrypt root, but leave the boot alone. I have done the following:

I have designated 700 MB to boot on ext2. Mount point /boot (Not encrypted)

I’m creating the rest of the hard drive to ext4, Encrypt – Mount point root / (Encrypted)

So the boot is not encrypted, but the root is. So this should work, and it works fine when I tried the same thing with Arcolinux.
When the installation is completed and I restart, I get an error message saying “Crypt setup error, maximum of tries failed”, but I haven’t even had a chance to enter anything. So what am I missing or doing wrong?


#2

I would suggest using full disk encryption instead of having /boot unencrypted.
/boot unencrypted has a high risk of people mangling with your kernel or initrd, and as such makes no sense in a scenario where encryption is wanted.


#3

I encrypted the boot on ext2, and root on ext4, but it won’t boot to the login screen after entering the encryption passphrase. I even tried Neptune, using the system encryption instead, and the same thing happened. It won’t boot to the login screen after you enter the encryption key. Any ideas?


#4

Do you get any error messages?


#5

Once I enter the encryption key, it takes about a minute and you get the message "crypt setup successfully". You see the Netrunner logo trying to load, but I never get to the login screen. I get this:
busyBox v1.30.1 (Debian 1:1.3-.1-4) built-in shell (ash)
Enter ‘help’ for a list of built-in commands.
(intiramfs)-


#6

This seems to be an issue with the initramfs. For some reason it is broken.
Can you chroot from a live system into your installed system and rebuild the initrd with update-initramfs -u?
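
The rescue suggested in #6, written out as an added example that is not part of the original thread: unlock the LUKS root from a live session, chroot into it and run update-initramfs -u. The device paths, the mapper name and the /mnt/target mount point are placeholders (assumptions); read the real values from `lsblk -f`.

```shell
#!/bin/sh
# Added example: rebuild the initramfs of an encrypted install from a live session.
# Device paths, mapper name and mount point are placeholders (assumptions).
# DRY_RUN=1 (default) only prints the commands; run as root with DRY_RUN=0 to execute.
DRY_RUN="${DRY_RUN:-1}"
TARGET="${TARGET:-/mnt/target}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Usage: rebuild_initramfs LUKS_PART MAPPER_NAME [BOOT_DEV]
rebuild_initramfs() {
    luks_part="$1"; mapper="$2"; boot_dev="$3"
    if [ -z "$luks_part" ] || [ -z "$mapper" ]; then
        echo "usage: rebuild_initramfs LUKS_PART MAPPER_NAME [BOOT_DEV]" >&2
        return 2
    fi
    # Unlock the encrypted root (prompts for the passphrase) and mount it.
    run cryptsetup open "$luks_part" "$mapper" || return 1
    run mkdir -p "$TARGET" || return 1
    run mount "/dev/mapper/$mapper" "$TARGET" || return 1
    # A separate /boot must be mounted too, or the new initrd lands on the root fs.
    if [ -n "$boot_dev" ]; then
        run mount "$boot_dev" "$TARGET/boot" || return 1
    fi
    # The initramfs hook looks the root mapping up by name in the installed crypttab.
    if [ "$DRY_RUN" != "1" ] && ! grep -q "^$mapper[[:space:]]" "$TARGET/etc/crypttab"; then
        echo "warning: '$mapper' is not listed in $TARGET/etc/crypttab" >&2
    fi
    # The chroot needs the live system's kernel filesystems.
    for fs in dev dev/pts proc sys run; do
        run mount --bind "/$fs" "$TARGET/$fs" || return 1
    done
    # Rebuild the initrd as suggested in #6, then clean up.
    run chroot "$TARGET" update-initramfs -u || return 1
    run umount -R "$TARGET" || return 1
    run cryptsetup close "$mapper"
}
```

Call it as, for example, `rebuild_initramfs /dev/sdX2 cryptroot /dev/sdX1`, and leave out the third argument if /boot is not a separate partition.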