From 690dac11f3a39cab27661833a5a1c4c43246d10c Mon Sep 17 00:00:00 2001 From: Janne Heß Date: Sun, 3 Jun 2018 21:25:06 +0200 Subject: nixos/luksroot: Support keyfile offsets --- nixos/modules/system/boot/luksroot.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 7ebfdb134d7d..1a94e9336374 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -5,7 +5,7 @@ with lib; let luks = config.boot.initrd.luks; - openCommand = name': { name, device, header, keyFile, keyFileSize, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; '' + openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; '' # Wait for a target (e.g. device, keyFile, header, ...) to appear. wait_target() { @@ -47,6 +47,7 @@ let ${optionalString (keyFile != null) '' ${optionalString fallbackToPassword "if [ -e ${keyFile} ]; then"} echo " --key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}" \ + ${optionalString (keyFileOffset != null) "--keyfile-offset=${toString keyFileOffset}"}" \ >> /.luksopen_args ${optionalString fallbackToPassword '' else @@ -316,6 +317,19 @@ in ''; }; + keyFileOffset = mkOption { + default = null; + example = 4096; + type = types.nullOr types.int; + description = '' + The offset of the key file. Use this in combination with + keyFileSize to use part of a file as key file + (often the case if a raw device or partition is used as a key file). + If not specified, the key begins at the first byte of + keyFile. + ''; + }; + # FIXME: get rid of this option. preLVM = mkOption { default = true; -- cgit 1.4.1