[coreboot] Booting live OS from encrypted LUKS partition in GRUB2
Klemens Nanni
kl3 at posteo.org
Sat Sep 30 14:56:07 CEST 2017
On Sat, Sep 30, 2017 at 08:37:55AM +0000, Thomasheidler via coreboot wrote:
> I have GRUB2 as a payload in coreboot and I am trying to have it load Trisquel 7.0 Live (Test Trisquel without installing) from an encrypted LUKS partition on a USB flash drive. I am able to decrypt the LUKS container and GRUB finds the Trisquel ISOLINUX menu, but fails to load the OS. When I try to manually boot it with commands (linux, initrd, boot) it starts loading the kernel, but then halts when it detects the USB flash drive and drops into BusyBox.
Live setups do not support encrypted root file systems, that's why Trisquel
fails here and you're dropping to the initramfs's rescue shell.
> Does anybody know how to overcome this problem and properly boot Trisquel in live mode from an encrypted LUKS partition in GRUB?
Encrypted disks are decrypted twice during boot: First GRUB2 needs to read the
kernel image (and initramfs), second the kernel reads / (and all other required
file systems).
These stages are completely separate, there's no way of passing state between
bootloader and kernel.
Put your live system on a USB stick as usual or install it properly using disk
encryption, that's all you got.
More information about the coreboot
mailing list