author | Janne Heß <janne@hess.ooo> | 2018-06-03 21:25:06 +0200 |
---|---|---|
committer | Janne Heß <janne@hess.ooo> | 2018-08-07 17:39:02 +0200 |
commit | 690dac11f3a39cab27661833a5a1c4c43246d10c (patch) | |
tree | b9b98684b6264f5d649f988d778c1d75c26fbac3 /nixos | |
parent | 9e727bfc727e310628163149cbf57f0f9345bc78 (diff) | |
nixos/luksroot: Support keyfile offsets
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 7ebfdb134d7d..1a94e9336374 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -5,7 +5,7 @@ with lib; let luks = config.boot.initrd.luks; - openCommand = name': { name, device, header, keyFile, keyFileSize, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; '' + openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; '' # Wait for a target (e.g. device, keyFile, header, ...) to appear. wait_target() { @@ -47,6 +47,7 @@ let ${optionalString (keyFile != null) '' ${optionalString fallbackToPassword "if [ -e ${keyFile} ]; then"} echo " --key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}" \ + ${optionalString (keyFileOffset != null) "--keyfile-offset=${toString keyFileOffset}"}" \ >> /.luksopen_args ${optionalString fallbackToPassword '' else @@ -316,6 +317,19 @@ in ''; }; + keyFileOffset = mkOption { + default = null; + example = 4096; + type = types.nullOr types.int; + description = '' + The offset of the key file. Use this in combination with + <literal>keyFileSize</literal> to use part of a file as key file + (often the case if a raw device or partition is used as a key file). + If not specified, the key begins at the first byte of + <literal>keyFile</literal>. + ''; + }; + # FIXME: get rid of this option. preLVM = mkOption { default = true; |
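Review bot: As rendered here, the added `--keyfile-offset` line in the `keyFile != null` branch ends in `}" \` with no opening double quote, so the generated initrd shell would open a quoted string that swallows the `>> /.luksopen_args` redirect. The page's whitespace is collapsed, so confirm this against the file. Quoting the whole argument, `"${optionalString (keyFileOffset != null) "--keyfile-offset=${toString keyFileOffset}"}" \`, keeps the `echo` balanced. An unbalanced quote in this script would only surface at boot while unlocking the encrypted root, so an initrd test with and without the option set is worth adding. The enclosing `openCommand` string starts and ends outside the hunk.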
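Review bot: The new `keyFileOffset` option accepts any integer through `types.nullOr types.int`, so a negative value would be passed straight to `--keyfile-offset=`; `type = types.nullOr types.ints.unsigned;` would reject it at evaluation time. The description also omits the unit: cryptsetup counts this offset in bytes, so the first sentence could read `The offset in bytes into the key file at which the key starts.` Both points matter when the key sits on a raw device, where a wrong offset reads the wrong key material and the volume fails to unlock. If `keyFileSize` (declared outside this hunk) also uses plain `types.int`, tightening it at the same time would keep the two options consistent.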