NixOS Wiki

Full Disk Encryption: Difference between revisions

← Older editNewer edit →
VisualWikitext
Line 113: Line 113:
A simpler but insecure option for unattended boots is to copy the keyfile into the initrd itself.
A simpler but insecure option for unattended boots is to copy the keyfile into the initrd itself.


Warning: This method is not generally recommended as anyone with physical access to your boot partition will be able to retrieve the key file and use it to decrypt your luks partition. Make sure you understand the security implications.
{{warning|1=This method is not generally recommended as anyone with physical access to your boot partition will be able to retrieve the key file and use it to decrypt your luks partition. Make sure you understand the security implications.}}


First move the key to a safe location.
First move the key to a safe location.
Retrieved from "https://wiki.nixos.org/wiki/Full_Disk_Encryption"