Hi, I work off two USB's when on the road. First is created with grml2usb on 2011.05 and a GRMLCFG partition for persistence. Second is created with grml-crypto for for /home/someuser and /etc/vault. I was about to re-script what I do manually at boot when I discovered grub2 development tree now has a luks.mod (testing needed & i'm willing). I have built it from src and installed into grml-chroot on a squeeze host. I expect to use grml-live per remastering instructions and then grml2usb.

GOAL; Phase 1 usb layout; 1 Meg unencrypted boot/decrypt area remainder fat16 encrypted /boot. grml & grml64. Phase 2 Unencrypted boot/decrypt area Remanider lvm2/luks encrypted (for single passphrase at boot) grml2usb partition with several flavors GRMLCFG partition home-rw live-rw home-sn (live-snapshots) live-sn.

I plan to contribute it back as either a --luks option on grml2usb or seporate script.

Have I missed any issues in reasearch you are aware of ? Is this approach logical ? Any pointers on how to proceede from chroot to usb ? I'm open to any suggestions and could post bata of process as it would need to be tested on more hardware than I have available.

Thanks for your input, Charles