

Submitted by
Style Pass
2024-05-10 10:30:03

Cryptreboot asks for a passphrase and then reboots the system, automatically unlocking the drive on startup using in-memory initramfs patching and kexec. No secrets are stored on disk, even temporarily, without explicit consent.

It works properly with standard passphrase-based disk unlocking. Fancy methods, such as using an external USB with a passphrase file, will fail.

Currently, cryptreboot depends on the initramfs-tools package, which is available in Debian-based distributions. Therefore, one should expect this tool to work on Debian, Ubuntu, Linux Mint, Pop!_OS, etc.

Cryptreboot performs operations normally only available to the root user, so it is suggested to use sudo or a similar utility.

If you are 100% sure LZ4 won't cause problems, you can use the --skip-lz4-check command line flag. This makes the error message go away, but you risk automatic disk unlocking at startup failing randomly.

Instead, the recommended approach is to change the compression algorithm in the /etc/initramfs-tools/initramfs.conf file. Look for COMPRESS and set it to some other value, such as gzip (the safe choice) or zstd (the best compression, but your kernel and initramfs-tools need to support it).
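A way to confirm which COMPRESS value is actually in effect before relying on automatic unlocking, as an added example that is not part of cryptreboot or of the original page. The function names are hypothetical, and the script assumes that fragments under /etc/initramfs-tools/conf.d are read after the main file, so a later assignment there overrides it.

```shell
#!/bin/sh
# Added example (not cryptreboot code): report the COMPRESS setting that
# initramfs-tools configuration selects, so lz4 is caught before a reboot.

# Print the last active COMPRESS= assignment in one file (nothing if none).
compress_in_file() {
    [ -r "$1" ] || return 0
    # Commented-out lines do not match; trailing comments and quotes are dropped.
    sed -n -E 's/^[[:space:]]*COMPRESS=([^[:space:]#]+).*$/\1/p' "$1" \
        | tr -d "\"'" | tail -n 1
}

# Print the effective value, or "unset" when no file assigns COMPRESS.
# Arguments (optional, for testing): main config file, fragment directory.
effective_compress() {
    conf=${1:-/etc/initramfs-tools/initramfs.conf}
    conf_dir=${2:-/etc/initramfs-tools/conf.d}
    value=$(compress_in_file "$conf")
    # Assumption: fragments are applied after the main file, in glob order.
    for frag in "$conf_dir"/*; do
        [ -f "$frag" ] || continue
        v=$(compress_in_file "$frag")
        [ -n "$v" ] && value=$v
    done
    printf '%s\n' "${value:-unset}"
}

# Return non-zero when the configuration selects lz4.
check_not_lz4() {
    c=$(effective_compress "$@")
    case $c in
        lz4)
            echo "COMPRESS=lz4: set gzip or zstd instead" >&2
            return 1 ;;
        unset)
            echo "COMPRESS not set; the initramfs-tools default applies" >&2
            return 0 ;;
        *)
            echo "COMPRESS=$c"
            return 0 ;;
    esac
}
```

This reads the configuration only; an initramfs image that was already built keeps its old compression until it is regenerated with update-initramfs -u.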
