GNU bug report logs -
#65002
[PATCH 0/2] Add support for unlocking root device via a key file
Previous Next
Reported by: Tomas Volf <~@wolfsden.cz>
Date: Tue, 1 Aug 2023 21:08:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #20 received at 65002 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi,
I can confirm, the patches work for me but as I'm still quite ignorant about Guile and Guix, examples would have helped a lot.
;; Use the UEFI variant of GRUB with the EFI System
;; Partition mounted on /boot/efi.
;; /root in /root/key-file.cpio refers to the
;; /dev/mapper/enc btrfs root subvolume and not the home of root.
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader-luks2)
(targets '("/boot/efi"))
(keyboard-layout keyboard-layout)
(extra-initrd "/root/key-file.cpio")))
;; Specify a mapped device for the encrypted root partition.
;; The UUID is that returned by 'cryptsetup luksUUID'.
(mapped-devices
(list (mapped-device
(source (uuid "e3746b32-8e74-43b0-a111-78c3ea4436cf"))
(target "enc")
(type (luks-device-mapping-with-options #:key-file "/key-file.bin")))))
The snipped from https://issues.guix.gnu.org/55723#0 also needed a some changes.
I had to swap line 2 with 3, I switched ext2 with btrfs and the different format for the uuid ticked me as well.
But now I have a booting system and the passphrase only gets asked for once.
Thanks,
Dominik
[1] full config.scm: https://paste.debian.net/1288436/
[publickey - driva@protonmail.ch - 0x1019089F.asc (application/pgp-keys, attachment)]
[signature.asc (application/pgp-signature, attachment)]
This bug report was last modified 1 year and 123 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.