So here's what I'm trying to do:

I've left some free space on the main ssd of my laptop so I want to install a second distro there in an encrypted LVM and put the /boot partition on a USB stick so that the stick is needed to boot the system, otherwise it boots into the main Debian system on the ssd without any indication that there is another OS on this computer...

I'm using Parrot OS which is based on Debian so has a very similar installer. I've created a new partition with encrypted LVM in the free space on the ssd for / and swap in logical volumes and created a 1GB partition on a USB stick for /boot and set the mount points accordingly in the partitioner. And I did set the bootable flag on /boot. During install, I'm asked if I want to install GRUB to the MBR of the first disk. I choose 'no' and get a list of devices to choose manually where to put it. I choose the USB drive with /boot on it...

Trying to boot the system after install, I open the boot menu in the firmware and choose the USB drive. From here, apparently, no bootable device is found so it boots the main Debian system instead...

I've read of systems being setup this way in the past and thought it wouldn't be problematic but something isn't working and the computer will not boot the new OS. Did I miss something or is it not possible to boot a system configured this way?

Thanks in advance.

I'm not following your plans exactly, but this may help:

The bios boots a usb drive by starting at the first sector, and the iso has to be able to handle that, and meet it with a kernel. If it encounters a partition table it will puke.

When you go through grub and try to load a kernel on the usb drive, that will puke. It's looking for an internal drive, and can't access the BIOS code. So it's a Catch-22. There's loads of threads here on this. Search them.

1 members found this post helpful.

Hi rijo79
It's an interesting concept. I cannot describe exact procedure on how to do it but the principle should be strait forward.
Go into the bios (Del,F2) and locate the boot order. Change the boot order from HD to USB. Your flash drive is searched first and HD next.
Grub. You say will installing another Linux distribution. In this case going through installation selecting manual (Partitioning the disk) will allow to select the disk to put grub on. In this case your USB flash drive. Now reboot and see what happens. At least one of your installations should come up. Using update-grub I gain access to external drives but I get multiple from grub which every time the kernel update I have to update-grub to get the boot options again.
See how it goes.
Regards
Ray

Usually you can access grub on this flash drive to correct or find the bootable media. The problem I suspect is that when you installed your covert distro and tried to set the usb as loader and or /boot it now changed when you rebooted to select usb. Just fix your loader and maybe then off to other naming.

Grub(2) has a command line to select usually. Guess it is possible you are trying a different loader too.

A separate partition - especially an encrypted one is a dead giveaway.

Why not have an encrypted main distro which contains a differently encrypted hidden data volume?
You could give away the keys to the main distro without necessarily compromising your hidden vault.

Is this an efi system? If yes create two partitions on the usb.
The first a 300mb partition fat32 flagged as esp mounted at /boot/efi. The second an ext4 partition at least 512mb mounted at /boot

I also do not fully understand your issue.
What I understood is that you can boot into grub on your USB stick, but not into the encrypted partition.

What I recall it's that you can use the grub commands line to get the current disks and partitions. You could check if it is there.
If it is not recognized by grub you might need to increase grub's awareness of other position types.
It used to have multiple stages of the bootloader in which the later stages are bigger and support more different peripherals.

If grub is aware of the partition and you can issue a boot command that fails, you might want to look into initial ram disks (initrd).

Welp, got it fixed... Here's how:

I setup a recovery environment while logged into the Debian system by mounting the encrypted partition and boot partition first, then mounting needed parts of the Debian system into the mounted root partition for the disabled system.. For the encrypted partition, I simply opened it in a file manager and was prompted for the encryption key and my root password. The rest is as follows, using the UUID of the encrypted partition:

Using the UUID of the partition, I chrooted into the partition with:

Then ran:

I then rebooted, chose the USB drive from the boot menu and it worked... An important detail is that you install GRUB to /dev/sdc, not /dev/sdc1.. It goes to the MBR, not the first partition...

It seems the installer just isn't capable of setting up GRUB properly in this manner and it just needs a re-install after completing the system install...

2 members found this post helpful.

" An important detail is that you install GRUB to /dev/sdc, not /dev/sdc1."

Loaders and installers have been subjecting linux users to this problem for decades. There usually is some advanced install path on top end distro's to be more precise on all locations.