Full Disk Encryption: Difference between revisions
imported>Mic92 m fix cases... |
imported>Kasimon Update luks config syntax for nixos 20.04 |
||
| Line 38: | Line 38: | ||
}</syntaxhighlight> | }</syntaxhighlight> | ||
As of right now (2017-08-18) the NixOS options do not provide means to hide a key after the MBR as described in [https://bbs.archlinux.org/viewtopic.php?id=158507 this article in the archlinux forums]. More specificially you will need to be able to provide a keyOffset | As of right now (2017-08-18) the NixOS options do not provide means to hide a key after the MBR as described in [https://bbs.archlinux.org/viewtopic.php?id=158507 this article in the archlinux forums]. More specificially you will need to be able to provide a keyOffset | ||
With NixOS 20.04 the syntax has changed slightly: | |||
<syntaxhighlight lang="nix">{ | |||
"..." | |||
boot.initrd.luks.devices.luksroot = { | |||
device = "/dev/disk/by-id/<disk-name>-part2"; | |||
allowDiscards = true; | |||
keyFileSize = 4096; | |||
# pinning to /dev/disk/by-id/usbkey works | |||
keyFile = "/dev/sdb"; | |||
}; | |||
}</syntaxhighlight> | |||
== Option 2: Copy Key as file onto a vfat usb stick == | == Option 2: Copy Key as file onto a vfat usb stick == | ||