
Re: Installing bullseye into previously existing encrypted disk with buster



On 16/02/2022 05:26, Nitebirdz wrote:
On Sat, Feb 12, 2022 at 09:36:45AM +1100, David wrote:
I'm not really paying attention to the latest capabilities that the
installer might have, or to what any other distros are doing, but when
I have attempted this in the past it appeared to me that the Debian
installer does not directly support installing a fresh installation
into a previously created LUKS encrypted volume.

However it is certainly "possible" with some complicated tricks, and
if you are prepared to risk accidentally destroying the whole
encrypted volume if you make a mistake. That's what happened to me the
first time I tried it. But I have adequate backups and alternative
machines, so that didn't bother me.

It is possible to trick the installer into opening the existing
encrypted volume. Then (with numerous fiddly steps and using great
caution not to make a mistake) the installer can then install into a
new partition inside that, in the usual way.

However the installation it creates will be broken and likely not
bootable. Because we have tricked the installer beyond what it
understands, it makes many mistakes. There will be problems with grub,
with the cryptsetup configuration, and with the initramfs. That all
then needs to be fixed by rebooting into an alternative environment
that has cryptsetup tools available. Maybe the installer rescue system
is capable of doing that, but I'm not sure because ...


Indeed. I did some further searching (it's not an easy thing to search
for), and ended up finding the following document:

https://consolematt.wordpress.com/2013/06/19/reinstalling-debian-on-existing-lukslvm-partition/

I tested it on a VM inside QEMU, and it worked.

So, basically, once we reach the point where we detect the hard drive,
we need to drop to the shell, install additional software into the
installation environment, and then run the commands to configure the
already existing volume group and logical volumes. After that, we can
return to the installer, and partman will see everything. We can then
configure the proper mounts, and go on with the rest of the standard
installation steps.

However, as you explained, the installation is not bootable: it fails to
recognize the encrypted volume group, and it just drops to the initramfs
prompt. However, from there, we can run the commands documented in that
blog entry, and it all works.

While not disagreeing that the process is messy, I don't think it's quite as difficult in 2022 as it was in 2013.
I used these two links to read up on it:
https://www.blakehartshorn.com/installing-debian-on-existing-encrypted-lvm/
https://linuxconfig.org/how-to-install-debian-on-an-existing-luks-container
and FWIW summarized my experience here:
https://forums.bunsenlabs.org/viewtopic.php?pid=118486#p118486
It wasn't all that hard to re-use one of the encrypted partitions and keep the others. (Though I made the mistake of overwriting the previous boot partition, so the old installation would have needed a new /boot created in order to boot. I didn't bother because the partition was still accessible from the new system.)

So, confirmed, it can be done. Maybe some day Debian Installer will cope with existing LUKS containers.

--
John
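
The thread reports that a system installed this way comes up with a broken cryptsetup configuration and drops to the initramfs prompt. As an added example (not from any poster or the linked guides), this check confirms that the new root's `/etc/crypttab`, which Debian's initramfs cryptsetup hook reads, names the reused container before you rebuild the initramfs. The mapping name, UUID and target path are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of the thread: verify that a freshly installed root
# has an /etc/crypttab entry for the reused LUKS container.
# Assumed usage: check.sh <target-root> <mapping-name> <luks-uuid>
#   e.g. target root /target from the installer shell; name and UUID are yours.

# crypttab_entry ROOT NAME: print the source-device field for mapping NAME.
# Returns 2 if ROOT/etc/crypttab is unreadable, 1 if NAME has no entry.
crypttab_entry() {
    root=$1 name=$2
    [ -r "$root/etc/crypttab" ] || return 2
    # crypttab fields: <name> <source device> <key file> <options>
    awk -v n="$name" '
        /^[ \t]*#/ { next }               # skip comment lines
        $1 == n    { print $2; found = 1 }
        END        { exit !found }
    ' "$root/etc/crypttab"
}

# check_crypttab ROOT NAME UUID
# 0 = entry present and points at UUID, 1 = no entry for NAME,
# 2 = no crypttab at all, 3 = entry points at a different device.
check_crypttab() {
    root=$1 name=$2 uuid=$3
    if src=$(crypttab_entry "$root" "$name"); then rc=0; else rc=$?; fi
    case $rc in
        0) ;;
        2) echo "no readable crypttab under $root/etc" >&2; return 2 ;;
        *) echo "no crypttab entry for mapping $name" >&2; return 1 ;;
    esac
    if [ "$src" = "UUID=$uuid" ]; then
        return 0
    fi
    echo "crypttab maps $name to $src, expected UUID=$uuid" >&2
    return 3
}

# Run the check only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_crypttab "$@"
    exit
fi
```

A non-zero result means the entry should be corrected before the initramfs is regenerated, otherwise the rebuilt image still will not unlock the volume at boot.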

