Full Disk Encryption: Difference between revisions
Add section about SDDM autologin using LUKS password |
m fix consistency with wording "USB stick" and minor typos |
Line 46: | Line 46: | ||
== Unattended Boot via USB == | == Unattended Boot via USB == | ||
Sometimes it is necessary to boot a system without needing | Sometimes it is necessary to boot a system without needing a keyboard and monitor. You will create a secret key, add it to a key slot and put it onto a USB stick. | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
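Review bot: The new second sentence of the intro lists the steps (create a secret key, add it to a key slot, put it onto a USB stick) but does not say what that means for access to the disk. Because the stick on its own unlocks the volume at boot, consider adding one sentence here telling readers to keep their passphrase in a separate key slot and to remove the stick's key slot if the stick is lost.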
Line 55: | Line 55: | ||
=== Option 1: Write key onto the start of the stick === | === Option 1: Write key onto the start of the stick === | ||
This will make the | This will make the USB stick unusable for any other operations than being used for decryption. Write the key onto the stick: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
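Review bot: In the changed sentence under Option 1, "unusable for any other operations than being used for decryption" is still awkward after the "USB stick" fix; "unusable for anything other than decryption" reads better. Since the key is written to the start of the stick, it would also help to state here that whatever is currently on the stick gets overwritten.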
Line 82: | Line 82: | ||
}</syntaxhighlight> | }</syntaxhighlight> | ||
=== Option 2: Copy Key as file onto a vfat | === Option 2: Copy Key as file onto a vfat USB stick === | ||
If you want to use your stick for other stuff or it already has other keys on it you can use the following method by Tzanko Matev. Add this to your <code>configuration.nix</code>: | If you want to use your stick for other stuff or it already has other keys on it you can use the following method by Tzanko Matev. Add this to your <code>configuration.nix</code>: | ||
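Review bot: The Option 2 heading now reads "Copy Key as file onto a vfat USB stick", with "Key" capitalised and the article missing, while the Option 1 heading uses lowercase "key"; "Copy key as a file onto a vfat USB stick" would match it. The unchanged paragraph under the heading still says "your stick", so the "USB stick" wording this revision is meant to make consistent is not applied there.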
Line 100: | Line 100: | ||
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore '' | boot.initrd.postDeviceCommands = pkgs.lib.mkBefore '' | ||
mkdir -m 0755 -p /key | mkdir -m 0755 -p /key | ||
sleep 2 # To make sure the | sleep 2 # To make sure the USB key has been loaded | ||
mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key | mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key | ||
''; | ''; |
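Review bot: The changed comment on the sleep 2 line now says "USB key", which departs from the "USB stick" wording used everywhere else in this revision and is easy to confuse with the secret key itself; "USB stick has been detected" would be clearer. The fixed two-second wait is also a guess: if the stick takes longer to appear, both findfs lookups fail and /key is never mounted, so the comment should mention that the value may need raising on slow hardware.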