osresearch / safeboot

Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support
https://safeboot.dev/
GNU General Public License v2.0

cryptsetup is not installed by sudo make requirements #154

Open umbernhard opened 2 years ago

umbernhard commented 2 years ago

Because of this, update-initramfs -u fails when trying to copy veritysetup into the initramfs. I think this may be related to some of @sidhussmann's observations about the 5.10 kernel?

sidhussmann commented 2 years ago

@umbernhard just a heads-up: @anhnd mentioned that he fixed the initramfs hooks for the 5.11 kernel: https://github.com/osresearch/safeboot/issues/93#issuecomment-940679776

umbernhard commented 2 years ago

@sidhussmann looking at his changes (and making them myself), they still don't get around the fact that cryptsetup can't be found (and therefore veritysetup can't be moved). It occurs to me this is possibly due to the fact that I'm not installed with LUKS, but it's a corner case I think should be handled, since the apt install is idempotent.

There is a separate issue where the initramfs, once built, doesn't work, which is maybe what you're talking about?