1. Forum
  2. USENET
  3. alt.os.linux.slackware

  • encrypted root and initrd/GRUB

    From Marco Moock@mm@dorfdsl.de to alt.os.linux.slackware on Sun Sep 21 09:44:11 2025
    From Newsgroup: alt.os.linux.slackware

    Hello!

    I plan to install Slackware with encrypted root using GRUB (no LVM at
    this time).

    https://slackware.uk/slackware/slackware-15.0/README_CRYPT.TXT

    That mentions that I need to create a special initrd for that case.

    This specifies a kernel version. What happens when the kernel is being
    updated and the old one removed?

    Do I need to issue this command every time I update a kernel?

    What happens to GRUB?
    Does it need special handling of that case?
    Is running grub2-mkconfig enough, like with unencrypted root?
    --
    kind regards
    Marco

    Send spam to 1758440371muell@stinkedores.dorfdsl.de

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Henrik Carlqvist@Henrik.Carlqvist@deadspam.com to alt.os.linux.slackware on Sun Sep 21 12:54:24 2025
    From Newsgroup: alt.os.linux.slackware

    On Sun, 21 Sep 2025 09:44:11 +0200, Marco Moock wrote:
    This specifies a kernel version. What happens when the kernel is being updated and the old one removed?

    Example from the Slackware 15.0 ChangeLog.txt:

    -8<-----------------------------------------------
    +--------------------------+
    Fri Sep 12 22:15:36 UTC 2025
    ...
    patches/packages/linux-5.15.193/kernel-generic-5.15.193-x86_64-1.txz: Upgraded.
    ...
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the
    correct kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to
    copy the kernel and initrd to the EFI System Partition. -8<-----------------------------------------------

    So, if you are using an initrd you will need to update that one at each
    kernel upgrade regardless of any root file system encryption.

    I hope someone more familiar with grub will be able to answer your other question.

    regards Henrik
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marco Moock@mm@dorfdsl.de to alt.os.linux.slackware on Sun Sep 21 16:16:34 2025
    From Newsgroup: alt.os.linux.slackware

    On 21.09.2025 12:54 Uhr Henrik Carlqvist wrote:

    So, if you are using an initrd you will need to update that one at
    each kernel upgrade regardless of any root file system encryption.

    Now the next question occurs:

    Do I really need an initrd in the case /boot is just a regular ext4
    partition, so the kernel can be loaded without using LUKS?

    I would prefer the simplest way to achieve that.
    --
    kind regards
    Marco

    Send spam to 1758452064muell@stinkedores.dorfdsl.de

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Henrik Carlqvist@Henrik.Carlqvist@deadspam.com to alt.os.linux.slackware on Mon Sep 22 03:26:22 2025
    From Newsgroup: alt.os.linux.slackware

    On Sun, 21 Sep 2025 16:16:34 +0200, Marco Moock wrote:
    Do I really need an initrd in the case /boot is just a regular ext4 partition, so the kernel can be loaded without using LUKS?

    From https://slackware.uk/slackware/slackware-15.0/README_CRYPT.TXT :

    -8<--------------------------------
    A big NOTE finally. When you encrypt your root filesystem, you will have
    to make sure that there will be at least one (small) partition which is
    left unencrypted. This partition must contain the kernel(s) you want to
    boot from, and the initrd image that is needed with encrypted volumes.
    You need to install LILO either to the MBR - or if that is not possible,
    into the root sector of this small unencrypted partition. You will
    probably guess why we cannot use an encrypted partition for this... -8<--------------------------------

    So yes, to encrypt your root file system it seems that you do need an
    initrd. If you only were to encrypt something like the /home partition it would have been enough to boot a huge kernel without any initrd.

    regards Henrik
    --- Synchronet 3.21a-Linux NewsLink 1.2