Commit graph

24 commits

Author SHA1 Message Date
Evgeny Egorochkin
6ecf2c3a28 LuksRoot: use generic aes module which loads platform-optimized modules automagically. 2013-01-14 05:12:20 +02:00
Evgeny Egorochkin
0f11519d45 LuksRoot: add more modules to load by default and let users add more or override the list. Added every module
mentioned by most popular guides, benchmarks and discussions to make things just work.
2013-01-13 12:44:16 +02:00
Evgeny Egorochkin
8c710b4f23 LuksRoot: mitigate DMA key recovery attacks by default. 2013-01-13 11:04:26 +02:00
Rickard Nilsson
a6039e1be2 LUKS root: Fix key file check
Check for null instead of empty string
2012-08-02 11:39:31 +02:00
Rickard Nilsson
0958b224ac LUKS root: Add option for using a key file instead of a passphrase. 2012-08-02 11:30:33 +02:00
Rickard Nilsson
ecdbc94e05 LUKS root: Add option allowDiscards (for SSD disks) 2012-08-02 11:27:28 +02:00
Shea Levy
bb5d2d53fe try isn't used, so use the more compatct seq 10 2012-06-27 09:43:54 -04:00
Mathijs Kwik
061a998840 luks root: c-style for-loop -> seq
The ash shell no longer supports this bash-specific syntax.
This left systems that use luksroot unable to boot.
2012-06-27 09:42:55 -04:00
Eelco Dolstra
07fcf5baee * Make the boot.initrd.luks.enable option obsolete. It's enough to
see that boot.initrd.luks.devices is non-empty.

svn path=/nixos/trunk/; revision=34120
2012-05-15 20:45:01 +00:00
Eelco Dolstra
836fa3b6ae * Fix missing semicolon.
svn path=/nixos/trunk/; revision=33933
2012-04-26 14:53:58 +00:00
Peter Simons
8c93993e1b modules/system/boot/luksroot.nix: fixed the descriptions of the options defined in this module
svn path=/nixos/trunk/; revision=33927
2012-04-26 12:21:45 +00:00
Lluís Batlle i Rossell
98dde13782 If enabling luks on initrd, also adding cryptsetup to system packages. I think it's useful.
svn path=/nixos/trunk/; revision=32910
2012-03-08 20:49:26 +00:00
Lluís Batlle i Rossell
1adaabef58 Adding an option to luksroot, so it allows to define whether to launch cryptsetup after or before LVM.
To allow dmcrypt over lvm and lvm over dmcrypt.


svn path=/nixos/trunk/; revision=32784
2012-03-04 21:00:35 +00:00
Lluís Batlle i Rossell
79d4b11aeb Making the luks thing of initrd a bit more flexible. I used it to get a
ciphered swap, where I could hibernate ciphered.


svn path=/nixos/trunk/; revision=32754
2012-03-03 16:07:18 +00:00
Florian Friesdorf
3ebc7727f7 Revert "test we have cryptsetup-1.4.1 in initrd"
This reverts commit 025f8c40b40fad50086e8761eee61098d8fb2651.

The check was intened for building the initrd of the installer.

svn path=/nixos/trunk/; revision=31137
2011-12-28 22:37:38 +00:00
Florian Friesdorf
0544a008db Revert "added an "error" to luksroot that should be caught"
This reverts commit c7967af35a13f68a8785c142582b639dc8c8e92c.

svn path=/nixos/trunk/; revision=31136
2011-12-28 22:36:26 +00:00
Florian Friesdorf
829bd9a727 added an "error" to luksroot that should be caught
svn path=/nixos/trunk/; revision=31135
2011-12-28 22:21:31 +00:00
Florian Friesdorf
c7fd05a650 test we have cryptsetup-1.4.1 in initrd
svn path=/nixos/trunk/; revision=31132
2011-12-28 21:46:50 +00:00
Florian Friesdorf
c15aa7aea3 luksroot uses preLVMCommands instead of postDeviceCommands
svn path=/nixos/trunk/; revision=31131
2011-12-28 21:46:48 +00:00
Florian Friesdorf
0a9f3a36ec luksroot waits for usb drive
svn path=/nixos/trunk/; revision=31129
2011-12-28 21:46:42 +00:00
Florian Friesdorf
dd8e725d7d copy only cryptsetup deps to stage-1 and test cryptsetup
popt-0.16 and cryptsetup-1.4.1 both generated pkgconfig (in contrast
to older versions). The pkgconfig files (popt.pc and cryptsetup.pc)
contain references into the store that are not removed by patchelf and
stage-1 fails with errors like: "output is not allowed to refer to
path `/nix/store/qccjhn063cfv171rcaxvxh0yk96zf7l2-cryptsetup-1.4.1'".

Now, only the cryptsetup binaries and its dependencies are copied,
determined by ldd. In addition the cryptsetup binary and lvm are
tested after patchelf has adjusted the library paths.

Thanks to Peter Simons and Eelco Dolstra for giving the rights hints.

svn path=/nixos/trunk/; revision=31128
2011-12-28 21:46:40 +00:00
Peter Simons
eb6e1310b8 strip trailing whitespace; no functional change
svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
Eelco Dolstra
dff372db3c * Fix evaluation of the luksroot module when luksRoot == null. The
problem is that configuration values below a mkIf are evaluated
  strictly even if the condition is false.  Thus "${luksRoot}" causes
  an evaluation error.  As a workaround, use the empty string instead
  of `null' as the default value.  However, we should really fix the
  laziness of mkIf.  It's likely that NixOS evaluation would be much
  faster if it didn't have to evaluate disabled configuration values.

svn path=/nixos/trunk/; revision=24477
2010-10-25 22:21:51 +00:00
Evgeny Egorochkin
791c758b41 Encrypted root support via LUKS
svn path=/nixos/trunk/; revision=24459
2010-10-25 00:57:30 +00:00