Closed awoimbee closed 2 years ago
/boot is not expected to be a separate mount point at this time, but you should be able to add it as a required bind mount in /etc/tukit.conf (see /usr/etc/tukit.conf for an example).
Thanks, it works perfectly, I used this command:
(cat /usr/etc/tukit.conf && printf 'BINDDIRS[1]="/boot"\n') > /etc/tukit.conf
I also enabled multiversion kernel since I don't have snapshots of /boot anymore:
sed -i -E 's|#?(multiversion ?=)|\1 provides:multiversion(kernel)|' /etc/zypp/zypp.conf
-> Small issue with /etc/zypp/zypp.conf after a fresh install: extra (duplicate) multiversion= right above this line.
multiversion=
multiversion.kernels = latest,latest-1,running
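The edit discussed in the comment above can be made idempotent and tolerant of a duplicate key. The following is an added example, not part of the original thread or of any openSUSE tool. The function name `set_multiversion` is hypothetical, and it assumes the file holds a single section in which a commented default, an empty `multiversion=` and the `multiversion.kernels` line may all be present.

```shell
#!/bin/sh
# Added example: leave exactly one active "multiversion" line in a
# zypp.conf-style file, however many commented or empty copies it has.

# set_multiversion FILE
#   - replaces the first "multiversion =" line (commented or not) in place
#   - drops any later duplicate of that key
#   - leaves "multiversion.kernels" and every other line untouched
#   - appends the setting if the key is missing (assumes a single section)
set_multiversion() {
    file=$1
    want='multiversion = provides:multiversion(kernel)'
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v want="$want" '
        /^[[:space:]]*#?[[:space:]]*multiversion[[:space:]]*=/ {
            if (!done) { print want; done = 1 }
            next
        }
        { print }
        END { if (!done) print want }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite the content rather than renaming, so the original file
    # keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Running it a second time leaves the file unchanged, so it is safe to call from provisioning scripts.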
What I'm trying to achieve
Hi, I would like to run Kubic nodes in environments where disk encryption is required, but nodes should be able to reboot by themselves (so no password prompt). The solution seems to be disk encryption with auto unlocking using LUKS2+TPM2 (https://en.opensuse.org/SDB:LUKS2,_TPM2_and_FIDO2#Unencrypted_boot_partition).
The issues
/boot is rw: e.g. on a 'normal' system, dracut -f returns "dracut: No permission to write to /boot.", here it just does its thing
/boot can't be updated from transactional-update shell (one needs to run dracut -f from the host system)
Example error message from transactional-update:
Note: in this case it's possible to cp /.snapshots/2/snapshot/boot/initrd-5.17.4-1-default /boot/initrd-5.17.4-1-default.
My setup
Here is my current partitioning setup: