help-guix

luks device keyfile passed but still ask for passphrase during boot


From: Thomas Bennett
Subject: luks device keyfile passed but still ask for passphrase during boot
Date: Mon, 20 May 2024 20:07:43 +0200
User-agent: Mozilla Thunderbird

Hello Guix community,

I would like to be able to mount external encrypted disks by passing key-files located in the root partition. Thus it would prevent me from having to open those external disks manually by entering passphrases during the boot sequence. Keeping only the passphrase for the root partition is fine for now.

I have the following in my config.scm file regarding mapping and mounting one of the external disks, a backup one:

 (mapped-devices (list (mapped-device
                        (source (uuid "$ROOT_PARTITION_UUID"))
                        (target "$ROOT_PARTITION_MAPPED_NAME")
                        (type luks-device-mapping))
                       (mapped-device
                        (source (uuid "$BACKUP_PARTITION_UUID"))
                        (target "$BACKUP_PARTITION_MAPPED_NAME")
                        (type (luks-device-mapping-with-options
                               #:key-file "$BACKUP_PARTITION_KEY_FILE_PATH")))))


 (file-systems (cons* (file-system
                       (mount-point "$BOOT_PARTITION_MOUNTPOINT")
                       (device (uuid "$BOOT_PARTITION_UUID" 'fat32))
                       (type "vfat"))
                      (file-system
                       (mount-point "$ROOT_PARTITION_MOUNTPOINT")
                       (device "/dev/mapper/$ROOT_PARTITION_MAPPED_NAME")
                       (type "ext4")
                       (dependencies mapped-devices))
                      (file-system
                       (create-mount-point? #t)
                       (mount-point "$BACKUP_PARTITION_MOUNTPOINT")
                       (type "ext4")
                       (device "/dev/mapper/$BACKUP_PARTITION_MAPPED_NAME")
                       (dependencies mapped-devices))
                      %base-file-systems)))

And it doesn't work. The configuration loads, but when I boot the system, it seems to be unable to find the key file because it still asks for my passphrase to unlock the backup partition.

May it be possible that the root partition is not yet mounted when the system tries to map the backup partition? If so, it would explain why it doesn't find the key file and asks for my passphrase.

Do you know how to further investigate and/or what's wrong with the config and how to achieve the expected result?

Thank you,
Best,
Thomas

