author | Josselin Poiret <dev@jpoiret.xyz> | 2021-11-15 20:53:39 +0000 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2021-12-01 17:51:37 +0100 |
commit | adce91a3ec0cb2912daa6eefe9324c15ff3126f7 (patch) | |
tree | 5f5fb0b86238ab4e9be08e4f84f3422e7d4d0069 /gnu | |
parent | 9f371f23ebfa20f70b3bfd55dc459b683f21ba91 (diff) |
gnu: system: Add LUKS2 support for the root file system.
* gnu/bootloader/grub.scm (grub-configuration-file): Add 'insmod
luks2'.
* gnu/system/mapped-devices.scm (open-luks-device): Create
'/run/cryptsetup/' directory.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/bootloader/grub.scm | 3 | ||||
-rw-r--r-- | gnu/system/mapped-devices.scm | 10 |
2 files changed, 9 insertions, 4 deletions
diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index d8e888ff40..42f71aa4db 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -415,8 +415,7 @@ menuentry ~s {
 ;; Other type of devices aren't implemented.
 #~()))
 (let ((devices (map crypto-device->cryptomount store-crypto-devices))
- ;; XXX: Add luks2 when grub 2.06 is packaged.
- (modules #~(format port "insmod luks~%")))
+ (modules #~(format port "insmod luks~%insmod luks2~%")))
 (if (null? devices)
 devices
 (cons modules devices))))
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 518dbc4fe8..96a381d5fe 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -192,7 +192,8 @@ option of @command{guix system}.\n")
 "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
 'cryptsetup'."
 (with-imported-modules (source-module-closure
- '((gnu build file-systems)))
+ '((gnu build file-systems)
+ (guix build utils))) ;; For mkdir-p
 (match targets
 ((target)
 #~(let ((source #$(if (uuid? source)
@@ -201,7 +202,12 @@ option of @command{guix system}.\n")
 ;; XXX: 'use-modules' should be at the top level.
 (use-modules (rnrs bytevectors) ;bytevector?
 ((gnu build file-systems)
- #:select (find-partition-by-luks-uuid)))
+ #:select (find-partition-by-luks-uuid))
+ ((guix build utils) #:select (mkdir-p)))
+
+ ;; Create '/run/cryptsetup/' if it does not exist, as device locking
+ ;; is mandatory for LUKS2.
+ (mkdir-p "/run/cryptsetup/")
 
 ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
 ;; whole world inside the initrd (for when we're in an initrd). |
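Review bot: The `modules` binding in the grub.scm hunk loses its XXX comment without a replacement, so nothing at this spot records what GRUB's `luks2` module can actually open. As far as I know, GRUB 2.06 only unlocks LUKS2 key slots that use PBKDF2; a root volume whose key slot uses Argon2 (cryptsetup's usual LUKS2 default) will not open at boot, and converting the slot to PBKDF2 means accepting a key-derivation function that is cheaper to brute-force offline. I would add a comment above the binding such as `;; GRUB's 'luks2' module only handles PBKDF2 key slots (no Argon2).` and state the same limit in the manual. The enclosing procedure starts and ends outside the hunk.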
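Review bot: The trailing `;; For mkdir-p` in the first mapped-devices.scm hunk is a margin comment, and the file writes those with a single semicolon, as in `;bytevector?` a few lines further down. `(guix build utils))) ;for mkdir-p` would match the surrounding style. The `with-imported-modules` form continues outside the hunk.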
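Review bot: `(mkdir-p "/run/cryptsetup/")` in the second mapped-devices.scm hunk leaves the lock directory with whatever mode the process umask allows, whereas cryptsetup, as far as I know, uses mode 0700 by default when it creates this directory itself. Nothing in the hunk sets the mode afterwards, so under a 022 umask the directory would be world-readable; the impact is probably small since it should hold only lock files, but matching upstream costs one line, `(chmod "/run/cryptsetup/" #o700)`, right after the `mkdir-p`. The comment could also say why cryptsetup cannot create the directory here (presumably `/run` does not exist yet in the initrd). The surrounding gexp continues outside the hunk.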