Full Disk Encryption: Difference between revisions

Add section about SDDM autologin using LUKS password
Pigeon (talk | contribs)
m fix consistency with wording "USB stick" and minor typos
 
Line 46: Line 46:
== Unattended Boot via USB ==
== Unattended Boot via USB ==


Sometimes it is necessary to boot a system without needing an keyboard and monitor. You will create a secret key, add it to a key slot and put it onto an USB stick.
Sometimes it is necessary to boot a system without needing a keyboard and monitor. You will create a secret key, add it to a key slot and put it onto a USB stick.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 55: Line 55:
=== Option 1: Write key onto the start of the stick ===
=== Option 1: Write key onto the start of the stick ===


This will make the usb-stick unusable for any other operations than being used for decryption. Write the key onto the stick:
This will make the USB stick unusable for any other operations than being used for decryption. Write the key onto the stick:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 82: Line 82:
}</syntaxhighlight>
}</syntaxhighlight>


=== Option 2: Copy Key as file onto a vfat usb stick ===
=== Option 2: Copy Key as file onto a vfat USB stick ===


If you want to use your stick for other stuff or it already has other keys on it you can use the following method by Tzanko Matev. Add this to your <code>configuration.nix</code>:
If you want to use your stick for other stuff or it already has other keys on it you can use the following method by Tzanko Matev. Add this to your <code>configuration.nix</code>:
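Review bot: The revised Option 2 heading still capitalizes "Key" mid-title and leaves "vfat" in lowercase, so it does not match the "Option 1: Write key onto the start of the stick" heading that this edit otherwise brings into line. Suggest "=== Option 2: Copy key as file onto a VFAT USB stick ===". The unchanged paragraph below the heading also reads better with a comma after "other keys on it".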
Line 100: Line 100:
   boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
   boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
     mkdir -m 0755 -p /key
     mkdir -m 0755 -p /key
     sleep 2 # To make sure the usb key has been loaded
     sleep 2 # To make sure the USB key has been loaded
     mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key
     mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key
   '';
   '';
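Review bot: The changed comment on the sleep line now reads "USB key", which conflicts with the stated goal of using "USB stick" consistently and is ambiguous in a section where "key" otherwise means the LUKS secret key. Suggest "sleep 2 # To make sure the USB stick has been loaded". Separately, in the unchanged context, the fixed two-second sleep is only a guess at how long device enumeration takes, and the backtick findfs substitutions are unquoted, so a stick that appears late gives mount an empty device argument. A short retry loop around findfs would be more robust than the fixed delay.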