diff options
Diffstat (limited to 'nixos/modules/system/boot/luksroot.nix')
| -rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 3ca679b479a0..06f004fb06ec 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -235,6 +235,16 @@ in ''; }; + boot.initrd.luks.forceLuksSupportInInitrd = mkOption { + type = types.bool; + default = false; + internal = true; + description = '' + Whether to configure luks support in the initrd, when no luks + devices are configured. + ''; + }; + boot.initrd.luks.devices = mkOption { default = { }; example = { "luksroot".device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; }; @@ -417,7 +427,7 @@ in }; }; - config = mkIf (luks.devices != {}) { + config = mkIf (luks.devices != {} || luks.forceLuksSupportInInitrd) { # actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks |