Fix: provision: cryptsetup fixes

diff --git a/share/hydractl/provision b/share/hydractl/provision
index bd9303b98559e3146e4e09750fc95bc0645af133..54c92e9254b8d20d95db4512db675e75df5a2914 100755 (executable)
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -55,7 +55,12 @@ function hydra_cryptsetup {
     #hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random -y -q luksFormat $1
 
     # Run cryptsetup mostly with defaults
-    hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1
+    #hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1
+
+    # GRUB2 from bullseye (or even older) does not support LUKS2, which seems
+    # the default type for luksFormat since bullseye at least
+    # See https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
+    hydra_sudo_run cryptsetup --use-random -y -q luksFormat --type luks1 $1
   fi
 }
 
@@ -638,8 +643,12 @@ aes
 sha256
 EOF
 
-  if [ -e "$WORK/etc/cryptsetup-initramfs/conf-hook" ]; then
-    hydra_sudo_run sed -i -e 's/#CRYPTSETUP=/CRYPTSETUP=y/' $WORK/etc/cryptsetup-initramfs/conf-hook
+  #if [ -e "$WORK/etc/cryptsetup-initramfs/conf-hook" ]; then
+  #  hydra_sudo_run sed -i -e 's/#CRYPTSETUP=/CRYPTSETUP=y/' $WORK/etc/cryptsetup-initramfs/conf-hook
+  #fi
+
+  if [ -d "$WORK/etc/initramfs-tools/hooks.d" ]; then
+    echo "CRYPTSETUP=y" > $WORK/etc/initramfs-tools/hooks.d/cryptsetup.conf
   fi
 
   hydra_sudo_run chroot $WORK update-initramfs -u