Booting live iso files from encrypted partition #5

Closed
smacz42 opened this Issue Dec 9, 2015 · 1 comment


smacz42 commented Dec 9, 2015

As explained here I am attempting to boot a live iso that resides in an encrypted partition. However:

But actually it doesn't work because the live scripts can't find the iso image right now by just mounting the encrypted partition (cryptsetup luksOpen etc.). So it will give you strange errors because it doesn't handle the mapping between filesystem and kernel modules right and is not aware of dm-crypt.

Some say that this is possible by booting a kernel (stored in the unencrypted /boot) to use to boot the iso in the encrypted filesystem. Would this patch enable GRUB to map between the filesystem and the kernel modules?

Just a shot in the dark here.

Owner

johnlane commented Dec 18, 2015

Hello. If I understand you correctly, you have an encrypted partition containing an iso that you would like to boot. My patches allow Grub to unlock an encrypted partition. Once that is done, its usual commands can be used to boot the iso in the same way as if that partition wasn't encrypted.

That said, note that the decryption done by Grub allows Grub to see the encrypted partition so that it can load any specified kernel, initramfs or iso. The booting operating system must also have access to the filesystems it needs and must unlock any encrypted partitions this requires. The "unlocking" state does not pass from the boot loader (Grub) to the operating system.

The normal way for the OS (Linux) to unlock encrypted partitions is to include the necessary keys in an initramfs.

You may run into problems if the booting kernel cannot unlock the filesystems it needs. I haven't personally tried to boot an ISO that resides on an encrypted partition.

@johnlane johnlane closed this Apr 11, 2016
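
The split described in the reply above, as an added GRUB menu entry that is not part of the original thread or the project's own code. The UUID, the ISO path and the kernel and initramfs paths inside the ISO are placeholders and assumptions; the module and command names are standard GRUB ones.

```grub
# Added example. PLACEHOLDER_LUKS_UUID and every path below are placeholders,
# not values taken from the thread.
menuentry "Live ISO on a LUKS partition (example)" {
    insmod cryptodisk
    insmod luks
    insmod loopback
    insmod iso9660

    # GRUB asks for the passphrase here and exposes the unlocked volume
    # to itself as (crypto0). This mapping exists only inside GRUB.
    cryptomount -u PLACEHOLDER_LUKS_UUID

    # Assumed location of the ISO inside the unlocked filesystem.
    set isofile=/isos/live.iso
    loopback loop (crypto0)$isofile

    # GRUB reads the kernel and initramfs out of the ISO through the
    # unlocked mapping. The paths inside the ISO are distribution-specific
    # and assumed here.
    #
    # After these two files are loaded GRUB's work is done: the kernel
    # starts with the partition locked again, so the live initramfs must
    # unlock it itself (keys or a passphrase prompt in the initramfs)
    # before it can find the ISO. Any parameters the live system needs
    # for that go on the linux line and depend on the distribution.
    linux (loop)/boot/vmlinuz
    initrd (loop)/boot/initrd.img
}
```

If the live system's initramfs has no dm-crypt support, the boot stops after the kernel starts, which matches the "can't find the iso image" failure quoted in the question.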
