[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Typing LUKS passphrase only once and a possible solution
|
From: |
Joshua Branson |
|
Subject: |
Re: Typing LUKS passphrase only once and a possible solution |
|
Date: |
Wed, 07 Jul 2021 14:12:26 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Thomas Albers <tgalbers2000@gmail.com> writes:
> Hello everyone,
>
> I recently installed guix on my X200T and through the process I found
> some challenges I was not not solve by myself. Its nothing strictly
> necessary but I would like to solve them nonetheless.
>
> My current setup consists of libreboot, my main luks partition and a
> lvm group inside.
I'm a little jealous. I haven't figured out how to set up an encrypted
/. Did you encrypt your /boot as well!? I've got a osboot-ed T400.
> The problem I mentioned is the necessity of typing the passphrase for
> the luks device twice. Once for the bootloader and again for the
> kernel itself.
I've heard that this is the "most" secure way of booting. Though I'm no
security expert. :)
> In other distributions this is avoided by copying a key file into the
> initramfs and passing the kernel parameter "cryptkey" to linux. So
> naturally the first I tried after not finding any documentation on
> this topic was this, albeit without success.
I don't think that we have a guix-y way of doing this yet. Though I
would love it if we did!
Your other questions have moved past my expertise. I wish I could be
more help. :)
>
> Thomas Albers Raviola
>
--
Joshua Branson (jab in #guix)
Sent from Emacs and Gnus
https://gnucode.me
https://video.hardlimit.com/accounts/joshua_branson/video-channels
https://propernaming.org
"You can have whatever you want, as long as you help
enough other people get what they want." - Zig Ziglar