Question:
Hey I like the added security provided using LUKS2 encryption Lubuntu uses, can I have still have an encrypted /boot directory on a LUKS encrypted disk if I use Manual Partitioning to setup the partitions as I really want them.
Answer:
Quoting Aaron Rainbolt here
All Ubuntu flavors use Canonical’s build of GRUB (naturally), and Canonical explicitly does not support /boot being located on an encrypted partition. It actually creates additional security risks to do so as Canonical doesn’t test the code that handles encrypted /boot.
Whilst in the bug report I’m quoting, Aaron gives a clue as to how this may be possible, however we do not recommend you have /boot on an encrypted partition, unless you use the ‘erase disk and install’ feature as we’ve setup.
links
- /srv/irclogs.ubuntu.com/2019/04/08/#ubuntu-devel.txt
- /srv/irclogs.ubuntu.com/2023/11/30/#lubuntu-devel.txt
- system installation - Can't install Kubuntu 24.04 or Lubuntu 24.04 in encrypted partition - Ask Ubuntu
- Bug #2064909 “Lubuntu and Kubuntu 24.04 fail to decrypt on boot ...” : Bugs : calamares package : Ubuntu
- /srv/irclogs.ubuntu.com/2024/05/08/#lubuntu-devel.txt