Full Disk Encryption: Difference between revisions
Artoria2e5 (talk | contribs) No edit summary |
Artoria2e5 (talk | contribs) |
||
| Line 141: | Line 141: | ||
== Store key on TPM2 or FIDO2 == | == Store key on TPM2 or FIDO2 == | ||
Unattended boot can also happen with TPM2 or FIDO2. This cannot be performed in a fully declarative way because every such security device is unique; some manual running of | Unattended boot can also happen with TPM2 or FIDO2. This cannot be performed in a fully declarative way because every such security device is unique; some manual running of <code>systemd-cryptenroll</code> is required. | ||
For FIDO2, directly read the [https://github.com/NixOS/nixpkgs/blob/7be68f763d94cdb4c809b7980647828e3274a511/nixos/doc/manual/configuration/luks-file-systems.section.md chapter in the official manual]. | For FIDO2, directly read the [https://github.com/NixOS/nixpkgs/blob/7be68f763d94cdb4c809b7980647828e3274a511/nixos/doc/manual/configuration/luks-file-systems.section.md chapter in the official manual]. | ||