GRUB2 with LUKS
It’s a very common setup and poorly documented on the web.
I’ll be using Slackware in this example, but GRUB is used in many, many distros.
- UEFI replaced BIOS years ago. People still call everything BIOS, but if it was made lately, your computer is probably UEFI.
- GPT replaced MBR years ago as the default partition scheme. MBR refuses to die, but again, most recent systems are GPT.
- I’m saying GRUB2 to be specific, but the original GRUB is rarely seen on new systems, so ‘GRUB’ and ‘GRUB2’ mean the same thing here.
At this point, you’ve installed Slackware, hit
[esc], and you’re looking at a terminal prompt.
I’m using the editor VI here because it’s included on the Slackware iso
- since it’s not universally known or loved, I’ll give VI commands for newbs
I’m assuming your new Slackware install is mounted at
/mnt and the efi partition is at
First we’ll chroot into the new install:
mount -t proc /proc /mnt/proc mount --rbind /dev /mnt/dev mount --rbind /sys /mnt/sys mount --rbind /run /mnt/run chroot /mnt
- Next we’ll make an initrd.gz
sh /usr/share/mkinitrd/mkinitrd_command_generator.sh -l /boot/vmlinuz-generic
this will produce a long, ugly output… you need to re-write verbatim everything inside the single quotes
mkinitrd -c ... /boot/initrd.gz) in your terminal prompt.
enterand you’ll build an intrd.gz on /boot as indicated
Next we’ll edit the grub config file:
vi /etc/default/grub --> press i to enter text Add this as a final line for GRUB2.0: GRUB_CRYPTODISK_ENABLE=y In GRUB2.02 the syntax is reversed: GRUB_ENABLE_CRYPTODISK=y How to know which is which? If you pick wrong, you'll just get an error in Step 5. Come back to this step and fix it. --> press [esc] to exit text entry mode --> :w to save and :q to quit
- Next we’ll commit GRUB’s config:
mkdir -p /boot/grub grub-mkconfig -o /boot/grub/grub.cfg
Finally, we’ll install GRUB:
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id="Slackware" --recheck
- you can name the bootloader-id anything you want
- No errors? Reboot!
- You’ll need to enter your LUKS password twice during boot.