Add link to a guide/document for encrypted /boot

Namely https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html ,
maintained by the Debian cryptsetup packaging team.

Cf. #927165

1 files changed, 7 insertions, 4 deletions

diff --git a/en/using-d-i/modules/partman-crypto.xml b/en/using-d-i/modules/partman-crypto.xml
index 26e14b85d..ee3cd9554 100644
--- a/en/using-d-i/modules/partman-crypto.xml
+++ b/en/using-d-i/modules/partman-crypto.xml
@@ -25,10 +25,13 @@ be of interest. For example <filename>/var</filename> where database
 servers, mail servers or print servers store their data, or
 <filename>/tmp</filename> which is used by various programs to store
 potentially interesting temporary files. Some people may even want to
-encrypt their whole system.  The only exception is
-the <filename>/boot</filename> partition which must remain
-unencrypted, because currently there is no way to load the kernel from
-an encrypted partition.
+encrypt their whole system. Generally the only exception here is the
+<filename>/boot</filename> partition which must remain unencrypted,
+because historically there was no way to load the kernel from an encrypted
+partition. (GRUB is now able to do that, but &d-i; currently lacks native
+support for encrypted <filename>/boot</filename>. The setup is therefore
+covered in a
+<ulink url="https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html">separate document</ulink>.)
 
 </para><note><para>