Message ID | cover.1690922760.git.wolf@wolfsden.cz |
---|---|
Headers | show |
Series | Add support for unlocking root device via a key file | expand |
Hi, I can confirm, the patches work for me but as I'm still quite ignorant about Guile and Guix, examples would have helped a lot. ;; Use the UEFI variant of GRUB with the EFI System ;; Partition mounted on /boot/efi. ;; /root in /root/key-file.cpio refers to the ;; /dev/mapper/enc btrfs root subvolume and not the home of root. (bootloader (bootloader-configuration (bootloader grub-efi-bootloader-luks2) (targets '("/boot/efi")) (keyboard-layout keyboard-layout) (extra-initrd "/root/key-file.cpio"))) ;; Specify a mapped device for the encrypted root partition. ;; The UUID is that returned by 'cryptsetup luksUUID'. (mapped-devices (list (mapped-device (source (uuid "e3746b32-8e74-43b0-a111-78c3ea4436cf")) (target "enc") (type (luks-device-mapping-with-options #:key-file "/key-file.bin"))))) The snipped from https://issues.guix.gnu.org/55723#0 also needed a some changes. I had to swap line 2 with 3, I switched ext2 with btrfs and the different format for the uuid ticked me as well. But now I have a booting system and the passphrase only gets asked for once. Thanks, Dominik [1] full config.scm: https://paste.debian.net/1288436/