unofficial mirror of help-guix@gnu.org 
* luks device keyfile passed but still ask for passphrase during boot
@ 2024-05-20 18:07 Thomas Bennett
  2024-05-23 12:53 ` Felix Lechner via
  2024-05-23 15:14 ` Tomas Volf
  0 siblings, 2 replies; 3+ messages in thread
From: Thomas Bennett @ 2024-05-20 18:07 UTC (permalink / raw)
  To: help-guix

Hello Guix community,

I would like to be able to mount external encrypted disks by passing 
key files located in the root partition. Thus it would prevent me from 
having to open those external disks manually by entering passphrases 
during the boot sequence.  Keeping only the passphrase for the root 
partition is fine for now.

I have the following in my config.scm file regarding mapping and 
mounting one of the external disks, a backup one:

  (mapped-devices (list (mapped-device
                         (source (uuid "$ROOT_PARTION_UUID"))
                         (target "$ROOT_PARTITION_MAPPED_NAME")
                         (type luks-device-mapping))
                        (mapped-device
                         (source (uuid "$BACKUP_PARTITION_UUID"))
                         (target "$BACKUP_PARTITION_MAPPED_NAME")
                         (type (luks-device-mapping-with-options
                                #:key-file
                                "$BACKUP_PARTITION_KEY_FILE_PATH")))))


  (file-systems (cons* (file-system
                        (mount-point "$BOOT_PARTITION_MOUNTPOINT")
                        (device (uuid "$BOOT_PARTITION_UUID" 'fat32))
                        (type "vfat"))
                       (file-system
                        (mount-point "$ROOT_PARTITION_MOUNTPOINT")
                        (device "/dev/mapper/$ROOT_PARTITION_MAPPED_NAME")
                        (type "ext4")
                        (dependencies mapped-devices))
                       (file-system
                        (create-mount-point? #t)
                        (mount-point "$BACKUP_PARTITION_MOUNTPOINT")
                        (type "ext4")
                        (device "/dev/mapper/$BACKUP_PARTITION_MAPPED_NAME")
                        (dependencies mapped-devices))
                       %base-file-systems)))

And it doesn't work. The configuration loads, but when I boot the 
system, it seems to be unable to find the key file because it still 
asks for my passphrase to unlock the backup partition.

Is it possible that the root partition is not yet mounted when the 
system tries to map the backup partition? If so, it would explain why it 
doesn't find the key file and asks for my passphrase.

Do you know how to further investigate and/or what's wrong with the 
config and how to achieve the expected result?

Thank you,
Best,
Thomas
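
An added example, not part of the original message and not Guix's own code: the same fragment with each file system depending only on its own mapping instead of on the whole `mapped-devices` list. It assumes that Guix opens, from the initrd, every mapped device listed in the `dependencies` of a file system needed for boot, so that a backup mapping listed under the root file system is opened before the key file on the root partition can be read; the variable names `root-mapping` and `backup-mapping` are hypothetical.

```scheme
;; Added example; the "$..." placeholders are the ones used in the message.
;; ASSUMPTION: a mapped device listed in the `dependencies' of a file system
;; needed for boot (such as the root one) is opened from the initrd, before
;; the root partition is mounted, so a key file stored there is not yet
;; readable.

(define root-mapping                    ; hypothetical variable name
  (mapped-device
   (source (uuid "$ROOT_PARTION_UUID"))
   (target "$ROOT_PARTITION_MAPPED_NAME")
   (type luks-device-mapping)))

(define backup-mapping                  ; hypothetical variable name
  (mapped-device
   (source (uuid "$BACKUP_PARTITION_UUID"))
   (target "$BACKUP_PARTITION_MAPPED_NAME")
   (type (luks-device-mapping-with-options
          #:key-file "$BACKUP_PARTITION_KEY_FILE_PATH"))))

;; The two fields below go inside the (operating-system ...) form.
(mapped-devices (list root-mapping backup-mapping))

(file-systems (cons* (file-system
                      (mount-point "$BOOT_PARTITION_MOUNTPOINT")
                      (device (uuid "$BOOT_PARTITION_UUID" 'fat32))
                      (type "vfat"))
                     (file-system
                      (mount-point "$ROOT_PARTITION_MOUNTPOINT")
                      (device "/dev/mapper/$ROOT_PARTITION_MAPPED_NAME")
                      (type "ext4")
                      ;; Root depends on its own mapping only.
                      (dependencies (list root-mapping)))
                     (file-system
                      (create-mount-point? #t)
                      (mount-point "$BACKUP_PARTITION_MOUNTPOINT")
                      (type "ext4")
                      (device "/dev/mapper/$BACKUP_PARTITION_MAPPED_NAME")
                      ;; Backup mapping is no longer a dependency of root.
                      (dependencies (list backup-mapping)))
                     %base-file-systems))
```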
