From: Thomas Albers
To: help-guix@gnu.org
Subject: Typing LUKS passphrase only once and a possible solution
Date: Wed, 07 Jul 2021 18:05:44 +0200
Message-ID: <87k0m2gld3.fsf@gmail.com>

Hello everyone,

I recently installed Guix on my X200T and through the process I found some challenges I could not solve by myself. It's nothing strictly necessary, but I would like to solve them nonetheless.

My current setup consists of Libreboot, my main LUKS partition and an LVM group inside. The problem I mentioned is the necessity of typing the passphrase for the LUKS device twice: once for the bootloader and again for the kernel itself.

In other distributions this is avoided by copying a key file into the initramfs and passing the kernel parameter "cryptkey" to Linux. So naturally the first thing I tried after not finding any documentation on this topic was this, albeit without success.

Reading the relevant files (gnu system linux-initrd) and (gnu system mapped-devices), I noticed that the kernel parameter is not really needed, because the one decrypting the LUKS device is actually the init script inside the initramfs.

So the question would be: Is it possible to add arguments to the call to cryptsetup inside the init script without having to redefine the "luks-device-mapping" variable and without rewriting the definition of the "open-luks-device" function? - both defined locally inside the (gnu system mapped-devices) module.

My suggestion would be to add an "extra-options" field to structure. This field would be appended to the command line arguments to the cryptsetup call. One could also add a "keyfile" parameter, but this would be too specific to the LUKS device mapper and it would also cause other problems as well. For example, not everyone would like to store the keyfile inside the store.

Also, is it possible to modify existing code for such small changes, without needing to rewrite complete functions? Many of the functions used are not exposed by the modules and one needs to rewrite the function one wants to use and also its dependencies.

My last question would be: Why is the file called initrd, when in reality an initramfs scheme is used?

Thanks for taking the time to read this and for any help you can provide.

Thomas Albers Raviola
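
The message's point about key files ending up inside the store can be checked mechanically. The following is an added example, not part of the original message and not Guix code: it audits a LUKS key file for the properties that matter when it is meant to be embedded in an initramfs. It assumes the store is at `/gnu/store` and is readable by every local user; `audit_keyfile`, `demo` and their parameters are hypothetical names.

```python
import os
import stat
import tempfile

STORE = "/gnu/store"  # assumption: default Guix store location


def audit_keyfile(path, store=STORE, expected_uid=0):
    """Return findings for a LUKS key file; an empty list means no issue found."""
    real = os.path.realpath(path)  # follow symlinks, which may lead into the store
    try:
        st = os.stat(real)
    except FileNotFoundError:
        return ["does not exist"]
    findings = []
    store_real = os.path.realpath(store)
    if os.path.commonpath([real, store_real]) == store_real:
        findings.append("resolves into the store, which every local user can read")
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"mode {mode:04o} grants access to group or others")
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    return findings


def demo():
    """Audit constructed sample files: one inside a fake store, one outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        fake_store = os.path.join(tmp, "store")  # stands in for /gnu/store
        os.mkdir(fake_store)
        in_store = os.path.join(fake_store, "constructed-keyfile")
        private = os.path.join(tmp, "root.key")
        for name, mode in ((in_store, 0o444), (private, 0o400)):
            with open(name, "wb") as fh:
                fh.write(os.urandom(32))  # constructed key material
            os.chmod(name, mode)
        uid = os.getuid()  # the demo does not run as root
        return {
            "in_store": audit_keyfile(in_store, fake_store, uid),
            "private": audit_keyfile(private, fake_store, uid),
        }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "ok")
```
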