[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#65002] [PATCH 0/2] Add support for unlocking root device via a key
|
From: |
Dominik Riva |
|
Subject: |
[bug#65002] [PATCH 0/2] Add support for unlocking root device via a key file |
|
Date: |
Thu, 10 Aug 2023 00:22:45 +0000 |
Hi,
I can confirm, the patches work for me but as I'm still quite ignorant about
Guile and Guix, examples would have helped a lot.
;; Use the UEFI variant of GRUB with the EFI System
;; Partition mounted on /boot/efi.
;; /root in /root/key-file.cpio refers to the
;; /dev/mapper/enc btrfs root subvolume and not the home of root.
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader-luks2)
(targets '("/boot/efi"))
(keyboard-layout keyboard-layout)
(extra-initrd "/root/key-file.cpio")))
;; Specify a mapped device for the encrypted root partition.
;; The UUID is that returned by 'cryptsetup luksUUID'.
(mapped-devices
(list (mapped-device
(source (uuid "e3746b32-8e74-43b0-a111-78c3ea4436cf"))
(target "enc")
(type (luks-device-mapping-with-options #:key-file
"/key-file.bin")))))
The snipped from https://issues.guix.gnu.org/55723#0 also needed a some changes.
I had to swap line 2 with 3, I switched ext2 with btrfs and the different
format for the uuid ticked me as well.
But now I have a booting system and the passphrase only gets asked for once.
Thanks,
Dominik
[1] full config.scm: https://paste.debian.net/1288436/
publickey - driva@protonmail.ch - 0x1019089F.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature