Hello Josselin and Lars-Dominik Josselin Poiret via Bug reports for GNU Guix writes: [...] >> Supposedly there are also patches for grub-mkimage, but maybe we can >> include a workaround like the above by default until then or remove the >> section about LUKS2 entirely? > > Thank you for posting this bug and sorry for taking so long with this. > I'd suggest that we instead add a warning that `/boot/` must be > unencrypted for LUKS2+GRUB to work for now, possibly pointing to this > bug. As Josselin wrote in the proposed patch, actually /boot/ on LUKS1 is working well In case it is helpful, it's possible to "Downgrade" a LUKS2 volume to LUKS1, I found this guide useful: https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html [...] > to include. My approach at [1] is to ask device-mapper directly, but > there are also other patches trying various other methods, and the > consensus now seems to be that each patch does one thing well and that > we should combine all of the good parts. Thank you very much for the update and the work on GRUB! Please is there any upstream (GRUB) bug report we can point to in this one so we can follow the situation and know when upsstream will release the patch? [...] Happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures