1 (edited by larissa 2023-03-06 02:48:20)

Topic: serial-console only with full disk encryption

Hi all,

I posted the following on a different forum, but I have tried it with Hyperbola and it works just as well.

I work mostly in the console, so I usually run my server VMs with serial console output only. More recently I have begun to fully encrypt the whole OS, without a separate /boot partition. All went well until I realized that the cryptomount command, which is called by GRUB, is executed before the serial console initialization, and as a result the prompt to enter the passphrase was not being passed to the serial console. I started working to fix the problem, only to find out that, as far as I could see, there were no simple, clear examples of how to solve this specific problem. So here I am trying to detail how I fixed the problem, in case this is useful to anyone else.

Cheers, and please feel free to correct/improve my post.

NOTE:

* My setup uses BIOS/MBR, but should also work for UEFI with small tweaks.
* I assume that the reader already knows how to configure grub to display in the serial console.
* Check your grub.cfg carefully for all the modules that need to be preloaded in the core.img ... i.e. luks2 vs luks
* A subsequent grub-install will blow out this configuration and it will no longer work.

I worked out the solution based on information provided by these two links:

https://wiki.archlinux.org/title/GRUB/Tips_and_tricks
https://cryptsetup-team.pages.debian.ne

    ----------------- early-grub.cfg ----------------------------------
    serial --unit=0 --speed=9600
    terminal_output serial
    terminal_input serial

    cryptomount -u YOUR_UUID

    set root=(cryptouuid/YOUR_UUID)
    set prefix=/boot/grub
    configfile grub.cfg
    ----------------------------------------------------------------------------

    grub-mkimage -c early-grub.cfg -o /boot/grub/i386-pc/core.img -O i386-pc biosdisk cryptodisk ext2 gcry_rijndael gcry_sha256 gzio luks part_gpt part_msdos serial terminal configfile keylayouts at_keyboard
    grub-bios-setup -d /boot/grub/i386-pc/ /dev/YOUR_DISK
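
Added example, not part of the original post: a shell script that reads a LUKS header to choose `luks` or `luks2` for the core.img module list and fills YOUR_UUID into the early-grub.cfg shown above. The function names and the sample header are constructed for illustration; it assumes GRUB's cryptouuid name is the UUID without dashes.

```shell
#!/bin/sh
# Added example: derive early-grub.cfg and the core.img module list from a LUKS header.
# LUKS1 and LUKS2 both start with magic "LUKS\xba\xbe" + 16-bit big-endian version,
# and both keep the 40-byte NUL-padded UUID string at byte offset 168.

hexbytes() {  # hexbytes FILE OFFSET COUNT -> lowercase hex, no spaces
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

grub_luks_module() {  # prints the GRUB module matching the on-disk format
    [ "$(hexbytes "$1" 0 6)" = "4c554b53babe" ] || return 1   # not a LUKS header
    case "$(hexbytes "$1" 6 2)" in
        0001) echo luks ;;
        0002) echo luks2 ;;
        *) return 1 ;;
    esac
}

luks_uuid_nodash() {  # Assumption: GRUB's cryptouuid name is the UUID without dashes
    dd if="$1" bs=1 skip=168 count=40 2>/dev/null | tr -d '\000\055'
}

early_grub_cfg() {  # same layout as the early-grub.cfg in the post
    grub_luks_module "$1" >/dev/null || return 1
    uuid=$(luks_uuid_nodash "$1")
    printf '%s\n' "serial --unit=0 --speed=9600" "terminal_output serial" \
        "terminal_input serial" "" "cryptomount -u $uuid" "" \
        "set root=(cryptouuid/$uuid)" "set prefix=/boot/grub" "configfile grub.cfg"
}

core_modules() {  # the post's module list with luks/luks2 chosen from the header
    mod=$(grub_luks_module "$1") || return 1
    echo "biosdisk cryptodisk ext2 gcry_rijndael gcry_sha256 gzio $mod part_gpt" \
        "part_msdos serial terminal configfile keylayouts at_keyboard"
}

make_sample_header() {  # constructed test input: FILE VERSION(1|2) UUID
    { printf 'LUKS\272\276\000'; printf "\\00$2"
      dd if=/dev/zero bs=1 count=160 2>/dev/null
      printf '%s' "$3"; dd if=/dev/zero bs=1 count=4 2>/dev/null; } > "$1"
}

sample=$(mktemp)
make_sample_header "$sample" 2 "0a1b2c3d-1111-2222-3333-444455556666"  # constructed UUID
early_grub_cfg "$sample"
echo "modules: $(core_modules "$sample")"
rm -f "$sample"
```

On a real system, pass the encrypted partition (read as root) instead of the sample file and feed the two outputs to the grub-mkimage command above.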

2

Re: serial-console only with full disk encryption

Thanks for sharing the information! :)
