[16:29] <l4m8d4> It seems that ubuntu 18.04 server comes, on an EFI system, with a signed version of grub to support secure boot. Now the problem is, this version of grub seems to lack LUKS support, and running grub-install always installs the default signed module, making the system unbootable.
[16:29] <l4m8d4> Making the system unbooatable on a fully encrypted file system, of course. On others, it would work normally
[16:31] <l4m8d4> Is there a way to give ubuntu the ability to sign grub after building it itself, so it doesn't become corrupted on a grub update, for example? So we could create our own certificate, and add it into the system firmware
[16:58] <hehehe> l4m8d4: why don't you use vera crypt?
[16:58] <hehehe> instead of LUKS
[17:02] <l4m8d4> Is that even included in the default package archives and can be used to provide encrypted containers to the system like luks?
[17:10] <l4m8d4> On the official vera crypt page it states on the page "Operating Systems Supported for System Encryption", that ubuntu is not a supported target. So no, it's not an alternative. I don't know if any linux bootloader would even boot from a vera crypt volume.
[17:12] <l4m8d4> As I said, my problem is not really with luks itself, but that the shipped grub binary will not have the necessary modules to open LUKS containers.
[17:44] <hehehe> l4m8d4: you can create vera file as vol
[17:44] <hehehe> as boot from normal grub
[17:44] <hehehe> why is it essential too boot in encrypted way?
[18:15] <l4m8d4> hehehe: It is required because if the machine were to be stolen, or the drives at least, it should be impossible, or at least very hard, to recieve all the files on the system.