nixos-apple-silicon

Guide for LUKS encryption setup

Open cor opened this issue 1 year ago • 9 comments

Currently, the install guide says the following:

> We will add a root partition to the remaining free space and format it as ext4. Alternative partition layouts and filesystems, including LUKS encryption, are possible, but not covered by this guide.

I would greatly appreciate it if the install guide could be extended to include instructions for LUKS encryption setup.

I did find this guide on how to do it for Fedora Asahi, but it's not 1:1 translatable.

cor avatar Oct 14 '23 16:10 cor

> I would greatly appreciate it if the install guide could be extended to include instructions for LUKS encryption setup.

This worked for me: https://github.com/vilvo/mxdots#disk-encryption-with-systemd-boot

vilvo avatar Oct 14 '23 17:10 vilvo

> I would greatly appreciate it if the install guide could be extended to include instructions for LUKS encryption setup.

> This worked for me: https://github.com/vilvo/mxdots#disk-encryption-with-systemd-boot

Thanks for sharing! Super excited to try this out tomorrow :)

cor avatar Oct 14 '23 20:10 cor

@vilvo I've followed your guide and after typing reboot the prompt to type the Passphrase shows up, but I am completely unable to use the keyboard. I'm also unable to use the keyboard in earlier stages of the boot process. Have you run into this issue? Any idea what's going on here?

Screenshot 2023-10-16 at 01 15 44

(Device: 13" M2 MacBook Air with 16GB RAM and 512GB SSD)

EDIT: Plugging in a USB keyboard and typing in my passphrase does work! However, the errors persist and I cannot use my internal keyboard.

cor avatar Oct 15 '23 23:10 cor

@cor I'd guess something's incorrect with your initrd kernel modules.

n3oney avatar Dec 21 '23 20:12 n3oney

> @cor I'd guess something's incorrect with your initrd kernel modules.

This is probably the case with M2, though I do not know how the keyboard connection differs from M1. @cor - what have you got on these lines in your hardware-configuration.nix?

boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];

vilvo avatar Dec 22 '23 08:12 vilvo

I don't have an M2 so it would be hard for me to identify the necessary kernel modules.

If there are additional things to add to boot.initrd.kernelModules to make this work properly, please file a PR.

tpwrules avatar Dec 23 '23 05:12 tpwrules

I have LUKS working with an M2 Air. This is my initrd module config, if it's helpful:

  boot.initrd.kernelModules = [
    "usb_storage"
    "usbhid"
    "dm-crypt"
    "xts"
    "encrypted_keys"
    "ext4"
    "dm-snapshot"
  ];

psanford avatar Dec 23 '23 05:12 psanford

> I have LUKS working with an M2 Air. This is my initrd module config, if it's helpful:
>
>   boot.initrd.kernelModules = [
>     "usb_storage"
>     "usbhid"
>     "dm-crypt"
>     "xts"
>     "encrypted_keys"
>     "ext4"
>     "dm-snapshot"
>   ];

It is, thank you. It’s the usbhid that does the keyboard magic.

vilvo avatar Dec 23 '23 05:12 vilvo
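
An added example, not part of the thread or of the project's code: one way to find out from a running system which driver modules a keyboard depends on and which of them are absent from the initrd module lists, so the LUKS passphrase prompt is not left without input. It assumes drivers built as loadable modules expose a `driver/module` symlink in sysfs (built-in drivers are skipped); the function names and the sample module list in `__main__` are hypothetical.

```python
import os

def keyboard_sysfs_paths(proc_text):
    """Sysfs paths of input devices whose handler list includes 'kbd'."""
    paths, sysfs = [], None
    for line in proc_text.splitlines():
        if line.startswith("S: Sysfs="):
            sysfs = line.split("=", 1)[1].strip()
        elif line.startswith("H: Handlers=") and sysfs:
            if "kbd" in line.split("=", 1)[1].split():
                paths.append(sysfs)
        elif not line.strip():
            sysfs = None  # a blank line ends one device record
    return paths

def modules_for_device(sysfs_root, dev_path):
    """Walk from the input node up to the sysfs root, collecting the module
    behind each bound driver (the driver/module symlink)."""
    root = os.path.realpath(sysfs_root)
    node = os.path.realpath(os.path.join(root, dev_path.lstrip("/")))
    mods = []
    while node != root and node.startswith(root + os.sep):
        link = os.path.join(node, "driver", "module")
        if os.path.islink(link):
            name = os.path.basename(os.readlink(link))
            if name not in mods:
                mods.append(name)
        node = os.path.dirname(node)
    return mods

def missing_from_initrd(needed, configured):
    """Modules in `needed` absent from the initrd lists; '-' and '_' are equal."""
    have = {m.replace("-", "_") for m in configured}
    return [m for m in needed if m.replace("-", "_") not in have]

def check(configured, sysfs_root="/sys", proc_path="/proc/bus/input/devices"):
    """Map each keyboard's sysfs path to the driver modules the initrd lacks."""
    with open(proc_path) as f:
        keyboards = keyboard_sysfs_paths(f.read())
    report = {}
    for kb in keyboards:
        gap = missing_from_initrd(modules_for_device(sysfs_root, kb), configured)
        if gap:
            report[kb] = gap
    return report

if __name__ == "__main__":
    # Replace with the union of boot.initrd.availableKernelModules and
    # boot.initrd.kernelModules from your own configuration.
    for kb, gap in check(["usb_storage", "dm-snapshot"]).items():
        print(f"{kb}: not in initrd: {', '.join(gap)}")
```

The `kbd` handler is also attached to devices such as power buttons, so the report can list more than the keyboard you type on.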