diff options
author | lethalman <lucabru@src.gnome.org> | 2015-07-04 13:17:54 +0200 |
---|---|---|
committer | lethalman <lucabru@src.gnome.org> | 2015-07-04 13:17:54 +0200 |
commit | 07bdaa97da99d395b295ad506b27bb962552e49e (patch) | |
tree | c341658887bc07c08081ddbb16e5a270a190115d /nixos | |
parent | 2d49c104a396552660796f61898054206b2aa253 (diff) | |
parent | c1becad3eb8b5cef1f0db046295edcab35a5b080 (diff) | |
download | nixpkgs-07bdaa97da99d395b295ad506b27bb962552e49e.tar nixpkgs-07bdaa97da99d395b295ad506b27bb962552e49e.tar.gz nixpkgs-07bdaa97da99d395b295ad506b27bb962552e49e.tar.bz2 nixpkgs-07bdaa97da99d395b295ad506b27bb962552e49e.tar.lz nixpkgs-07bdaa97da99d395b295ad506b27bb962552e49e.tar.xz nixpkgs-07bdaa97da99d395b295ad506b27bb962552e49e.tar.zst nixpkgs-07bdaa97da99d395b295ad506b27bb962552e49e.zip |
Merge pull request #8554 from dwe11er/luks-detached-header
allow for using LUKS devices with detached header
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 3799e5d7ddb..1b4f0d401e6 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -5,7 +5,7 @@ with lib; let luks = config.boot.initrd.luks; - openCommand = { name, device, keyFile, keyFileSize, allowDiscards, yubikey, ... }: '' + openCommand = { name, device, header, keyFile, keyFileSize, allowDiscards, yubikey, ... }: '' # Wait for luksRoot to appear, e.g. if on a usb drive. # XXX: copied and adapted from stage-1-init.sh - should be # available as a function. @@ -33,6 +33,7 @@ let open_normally() { cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \ + ${optionalString (header != null) "--header=${header}"} \ ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} } @@ -251,6 +252,16 @@ in description = "Path of the underlying block device."; }; + header = mkOption { + default = null; + example = "/root/header.img"; + type = types.nullOr types.string; + description = '' + The name of the file or block device that + should be used as header for the encrypted device. + ''; + }; + keyFile = mkOption { default = null; example = "/dev/sdb1"; |