Full Disk Encryption: Difference between revisions

← Older editNewer edit →
VisualWikitext
imported>MrVanDalo
mNo edit summary
imported>Chexier
Update boot.initrd.luks.devices configuration
Line 27: Line 27:
   "..."
   "..."


   boot.initrd.luks.devices = [
   boot.initrd.luks.devices = {
    {  
       luksroot = {
       name = "luksroot";
        device = "/dev/disk/by-id/<disk-name>-part2";
      device = "/dev/disk/by-id/<disk-name>-part2";
        allowDiscards = true;
      allowDiscards = true;
        keyFileSize = 4096;
      keyFileSize = 4096;
        # pinning to /dev/disk/by-id/usbkey works
      # pinning to /dev/disk/by-id/usbkey works
        keyFile = "/dev/sdb";
      keyFile = "/dev/sdb";
      };
    }
   };
   ];
}</syntaxhighlight>
}</syntaxhighlight>
As of right now (2017-08-18) the NixOS options do not provide means to hide a key after the MBR as described in [https://bbs.archlinux.org/viewtopic.php?id=158507 this article in the archlinux forums]. More specificially you will need to be able to provide a keyOffset
As of right now (2017-08-18) the NixOS options do not provide means to hide a key after the MBR as described in [https://bbs.archlinux.org/viewtopic.php?id=158507 this article in the archlinux forums]. More specificially you will need to be able to provide a keyOffset
Line 112: Line 111:
     };
     };
     boot.loader.efi.efiSysMountPoint = "/boot/efi";
     boot.loader.efi.efiSysMountPoint = "/boot/efi";
     boot.initrd.luks.devices = [
     boot.initrd.luks.devices = {
      {
         root = {
         name = "root";
          device = "/dev/disk/by-uuid/TODO";
        device = "/dev/disk/by-uuid/TODO";
          preLVM = true;
        preLVM = true;
        };
      }
    };
  ];
</syntaxhighlight>
</syntaxhighlight>
= zimbatm's laptop recommendation =
= zimbatm's laptop recommendation =
Retrieved from "https://wiki.nixos.org/wiki/Full_Disk_Encryption"