[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Typing LUKS passphrase only once and a possible solution

From: Joshua Branson
Subject: Re: Typing LUKS passphrase only once and a possible solution
Date: Wed, 07 Jul 2021 14:12:26 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Thomas Albers <> writes:

> Hello everyone,
> I recently installed guix on my X200T and through the process I found
> some challenges I was not not solve by myself. Its nothing strictly
> necessary but I would like to solve them nonetheless.
> My current setup consists of libreboot, my main luks partition and a
> lvm group inside.

I'm a little jealous.  I haven't figured out how to set up an encrypted
/.  Did you encrypt your /boot as well!?  I've got a osboot-ed T400.

> The problem I mentioned is the necessity of typing the passphrase for
> the luks device twice. Once for the bootloader and again for the
> kernel itself.

I've heard that this is the "most" secure way of booting.  Though I'm no
security expert.  :)

> In other distributions this is avoided by copying a key file into the
> initramfs and passing the kernel parameter "cryptkey" to linux. So
> naturally the first I tried after not finding any documentation on
> this topic was this, albeit without success.

I don't think that we have a guix-y way of doing this yet.  Though I
would love it if we did!

Your other questions have moved past my expertise.  I wish I could be
more help.  :)

> Thomas Albers Raviola

Joshua Branson (jab in #guix)
Sent from Emacs and Gnus
  "You can have whatever you want, as long as you help
enough other people get what they want." - Zig Ziglar

reply via email to

[Prev in Thread] Current Thread [Next in Thread]