Detached LUKS header

From: elaexuotee
Date: Sat, 09 Nov 2019 12:27:17 +0900
Installing GuixSD for the first time. On a ThinkPad T400s, to boot!

Anyway, is there a straightforward way to configure a mapping device for LUKS
with a detached header? Otherwise, what's the best way to go about passing
command line options to the initrd cryptsetup call?

For a little context, I like my drive to look just like random data to a third
party; however, the precence of a LUKS header pretty much defeats plausible
deniability of hosting encrypted data. Thus, detached headers.

To that end, with my current non-guix setup, I have /boot and grub sitting on
an external drive, with dracut shoving the LUKS header in the initrd. Then
crypttab references said header, so the initrd cryptsetup call Just Works TM.

If there is a better way to go about setting up a "random noise" drive, I
certainly am open to hearing suggestions! At the end of the day, I am just
looking for a way to have such a drive under GuixSD.

I haven't found anything in the manual, but if I am just missing something
obvious, then forgive the spam.


