I am starting with this post which details the procedure very well WITHOUT encryption:


I have tested this method with an unencrypted installation I made on a USB stick and it worked fine.

However, after installing Kali on another USB stick, having encrypted it (partition scheme below) during the graphic installation process, the ability to 'Boot from GRUB Live' no longer works as it appears the boot partition is encrypted and needs to be decrypted before it can be loaded - when I try to list the contents of the partition it says the filesystem is not recognized; it is the correct partition (right size, boot tag).

I have read that there may be a way to load modules into GRUB so that I can decrypt my partitions there (such as luks.mod, crypto.mod, cryptodisk.mod), but most of those methods relate to regular installations and not a Live disk. It is unclear to me how to update GRUB on the live disk so that it will include the modules to decrypt my other disk on the GRUB command line - I have noticed that these modules even appear to be present (/usr/lib/live/mount/medium/boot/grub/x86_64-efi/). When on the command line I have entered commands such as 'cryptomount -b' and 'cryptomount (hd1,gpt2)' and they return without error but no unencrypted partition becomes visible, nor does it prompt me for the password to unencrypt it.

I am using the Kali 2019.4 release on a MacBookPro 14,2. The installation partition scheme was approximately this:

1: ESP (511M)
2: BOOT (244M) ext2
3: encrypted (28G)
a: LV: root (16G) ext4
b. LV home (10G) ext4
c. LV swap (~4G) swap

I don't want to use rEFind as I don't want it corrupting my Mac's bootloader, which it has always done when I've tried to use it in the past.

Ref1: https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/