Hello everyone,
I’m currently evaluating MicroOS for a server installation where I want to use full disk encryption while also being able to unlock the system via SSH on boot and have the neat full system snapshot feature working.
I found this to add sshd to the initrd. But in my test installation I could not use the partitioning scheme created by the installer for this. When enabling encryption the installer creates an encrypted partition that contains the root btrfs filesystem including /boot. So on boot I have to enter the encryption password in grub before initrd even starts. To circumvent that I created a separate unencrypted partition that contains /boot. In this case it seems the system snapshots don’t contain the kernel and initrd image even if the /boot filesystem is also btrfs.
So is there a way to have full /boot snapshots working if it resides on a separate btrfs filesystem from the root fs? Or is there another way to achieve unlockability on boot via SSH while retaining full snapshot functionality?
Thanks!