PureBoot Questions

I was looking at the info for this at https://docs.puri.sm/PureBoot.html and was wondering about a few things.

  1. Could a Nitrokey v2 be used to automatically decrypt the hard drives at boot time?
  2. I keep my boot partition on a separate flash drive. Would this still work or what would I need to change to enable it to work?

TIA,
Jamie

  1. Yes, but the Nitrokey won’t do the automatic firmware validation via Heads like the Librem Key will. See https://puri.sm/posts/introducing-the-librem-key/ for info on what additional features the Librem Key has.

  2. You’re able to set the boot partition; that’s no problem at all.

Thank you much

I tried running the script for LUKS on my laptop, a Librem 13v3, but it gives me an error saying “No valid root device found! Aborting!”.

This is as sudo using the full path to the script and my pubkey. I also checked /boot & it is only ~7% full.
Not sure what to check next, so any help would be much appreciated.

edited to add:
I’m running an up-to-date Debian testing and /boot is on the unencrypted part of my Nitrokey storage.

Well, looking at the script, I’d add a few echo outputs in there to see what each of the variables is being set to, and then figure out why it’s not able to parse out the root device. And/or running the commands manually and looking at /etc/fstab and /etc/crypttab to see what the expected outputs are. I don’t have a Librem/Nitrokey here ATM to test myself.

Didn’t have much time to look at this again until a few days ago, but I finally got it to work. It seems that the script couldn’t find the correct entry when everything was set up using encrypted LVM, so I reinstalled and created separate LUKS partitions for /, /home, /var, /tmp, and swap. After this everything worked fine.
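
For anyone hitting the same error, here is an added diagnostic sketch (not part of the thread and not the PureBoot script's own code) that compares the root entry in an fstab file with the mapping names in a crypttab file, as suggested above. It assumes the failure comes from root being a logical volume whose name does not appear in crypttab; the function names, device names and UUIDs are made up for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; not the PureBoot LUKS script or its logic.

# Print the device field of the fstab entry mounted at "/".
root_source() {  # $1 = path to an fstab-format file
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# Classify how the root entry relates to crypttab:
#   direct     - root is /dev/mapper/<name> and <name> is a crypttab mapping
#   indirect   - root is a mapper device that crypttab does not name
#                (for example an LVM logical volume sitting on top of LUKS)
#   unresolved - root is not written as a /dev/mapper path (UUID=, LABEL=, ...)
classify_root() {  # $1 = fstab file, $2 = crypttab file
    cr_src=$(root_source "$1")
    case "$cr_src" in
        /dev/mapper/*) cr_name=${cr_src#/dev/mapper/} ;;
        *) echo "unresolved"; return 0 ;;
    esac
    if awk -v n="$cr_name" '$1 == n { hit = 1 } END { exit !hit }' "$2"; then
        echo "direct"
    else
        echo "indirect"
    fi
}

# Constructed sample files (device names and UUIDs are made up).
demo_dir=$(mktemp -d)
# Layout 1: separate LUKS partitions
printf '%s\n' '/dev/mapper/root_crypt / ext4 errors=remount-ro 0 1' \
    '/dev/mapper/home_crypt /home ext4 defaults 0 2' > "$demo_dir/fstab.luks"
printf '%s\n' 'root_crypt UUID=00000000-0000-0000-0000-000000000001 none luks' \
    'home_crypt UUID=00000000-0000-0000-0000-000000000002 none luks' \
    > "$demo_dir/crypttab.luks"
# Layout 2: LVM on top of one LUKS container
printf '%s\n' '/dev/mapper/vg0-root / ext4 errors=remount-ro 0 1' \
    > "$demo_dir/fstab.lvm"
printf '%s\n' 'sda3_crypt UUID=00000000-0000-0000-0000-000000000003 none luks' \
    > "$demo_dir/crypttab.lvm"

echo "separate LUKS: $(classify_root "$demo_dir/fstab.luks" "$demo_dir/crypttab.luks")"
echo "LVM on LUKS:   $(classify_root "$demo_dir/fstab.lvm" "$demo_dir/crypttab.lvm")"
```

On a real system, call `classify_root /etc/fstab /etc/crypttab`; an `indirect` or `unresolved` result means the root device has to be traced through another layer before it can be matched to a LUKS container.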