Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Guide for LUKS encryption setup #108

Open
cor opened this issue Oct 14, 2023 · 9 comments
Open

Guide for LUKS encryption setup #108

cor opened this issue Oct 14, 2023 · 9 comments

Comments

@cor
Copy link

cor commented Oct 14, 2023
edited
Loading

Currently, the install guide says the following:

We will add a root partition to the remaining free space and format it as ext4. Alternative partition layouts and filesystems, including LUKS encryption, are possible, but not covered by this guide.

I would greatly appreciate it if the install guide could be extended to include instructions for LUKS encryption setup.

I did find this guide on how to do it for Fedora Asahi, but it's not 1:1 translatable
@vilvo
Copy link

vilvo commented Oct 14, 2023

I would greatly appreciate it if the install guide could be extended to include instructions for LUKS encryption setup.

This worked for me https://github.com/vilvo/mxdots#disk-encryption-with-systemd-boot

@cor
Copy link
Author

cor commented Oct 14, 2023

I would greatly appreciate it if the install guide could be extended to include instructions for LUKS encryption setup.

This worked for me https://github.com/vilvo/mxdots#disk-encryption-with-systemd-boot

Thanks for sharing! Super excited to try this out tomorrow :)

@cor
Copy link
Author

cor commented Oct 15, 2023
edited
Loading

@vilvo I've followed your guide and after typing reboot the prompt to type the Passphrase shows up, but I am completely unable to use the keyboard. I'm also unable to use the keyboard in earlier stages of the boot process. Have you ran into this issue? Any idea whats going on here?

Screenshot 2023-10-16 at 01 15 44

(Device: 13" M2 Macbook Air with 16GB RAM and 512GB SSD)

EDIT: Plugging in an USB keyboard and typing in my passphrase does work! However, the errors persist and I cannot use my internal keyboard

@n3oney
Copy link

n3oney commented Dec 21, 2023

@cor I'd guess something's incorrect with your initrd kernel modules.

@vilvo
Copy link

vilvo commented Dec 22, 2023

@cor I'd guess something's incorrect with your initrd kernel modules.

This is probably the case with M2 though I do not know how the keyboard connection differs from M1.
@cor - what have you got on these lines in your hardware-configuration.nix

boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];

@tpwrules
Copy link
Owner

I don't have an M2 so it would be hard for me to identify the necessary kernel modules.

If there are additional things to add to boot.initrd.kernelModules to make this work properly, please file a PR.

@psanford
Copy link

I have luks working with an m2 air. This is my initrd module config, if its helpful:

  boot.initrd.kernelModules = [
    "usb_storage"
    "usbhid"
    "dm-crypt"
    "xts"
    "encrypted_keys"
    "ext4"
    "dm-snapshot"
  ];

@vilvo
Copy link

vilvo commented Dec 23, 2023

I have luks working with an m2 air. This is my initrd module config, if its helpful:

  boot.initrd.kernelModules = [
    "usb_storage"
    "usbhid"
    "dm-crypt"
    "xts"
    "encrypted_keys"
    "ext4"
    "dm-snapshot"
  ];

It is, thank you. It’s the usbhid that does the keyboard magic.

@shelvacu
Copy link

shelvacu commented Oct 1, 2024

FWIW anyone putting encryption keys on a thumb drive like I did, I have a mac mini m1 and needed the module uas for the thumb drive to be recognized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@psanford @tpwrules @vilvo @shelvacu @cor @n3oney