Linux - DistributionsThis forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on...
Note: An (*) indicates there is no official participation from that distribution here at LQ.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I made a Void Linux install, followed their Documentation on FDE, and some other places too (Arch Wiki, mutschler.dev, ect). After finishing it, during boot (kernel loading), the root partition is decrypted and mounted, but the boot partition it isnt, so it throws me to a Emergency mode were i can decrypt /boot manually and mount it, after that i do an exit and i can boot the system normally
This is my layout and configs
Code:
nvme0n1
├─nvme0n1p1 -> /boot/efi - vFat (Unencrypted)
├─nvme0n1p2 (Encrypted with LUKS1, because of GRUB)
│ └─void_boot -> /boot - EXT4
└─nvme0n1p3 (Encrypted with LUKS2, using Argon2id algorithm)
└─void_sys -> / -> BTRFS (@, @home, @root, @var)
GRUB_DEFAULT=0
#GRUB_HIDDEN_TIMEOUT=0
#GRUB_HIDDEN_TIMEOUT_QUIET=false
GRUB_TIMEOUT=30
GRUB_DISTRIBUTOR="Void"
GRUB_CMDLINE_LINUX_DEFAULT="quiet loglevel=3 rd.luks.uuid=8505c55a-3e35-4d63-a86f-a7d0c4d743dc root=UUID=fdf140cc-afbd-444a-8601-1afcf116149f rd.luks.allow-discards rd.luks.key=88eca136-19a9-49fa-b9c7-d2a173b5cd76=/boot/unlock.key resume_offset=1145547"
GRUB_ENABLE_CRYPTODISK=y
# Uncomment to use basic console
#GRUB_TERMINAL_INPUT="console"
# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console
#GRUB_BACKGROUND=/usr/share/void-artwork/splash.png
#GRUB_GFXMODE=1920x1080x32
#GRUB_DISABLE_LINUX_UUID=true
#GRUB_DISABLE_RECOVERY=true
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
GRUB_DISABLE_OS_PROBER=true
Why in the world would anyone encrypt /boot? What purpose does that serve? /Boot contains NO user data whatever.
Just because someone cant access the user data, people can tamper GRUB to enter the system, like, its 1 in one million to find someone that knows how to, but i like to follow something that my father says, dont give luck to misfortune (idk if this would mean the same thing in english, but in portuguese is understandable)
That's why /boot can be a separate partition, then one can umount /boot after the machine is up and running. Then it can't be reached because it isn't mounted. Make sure that you mount /boot before you update the kernel or the bootloader.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
