Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
nixos/luksroot: Add option to save passphrases. #64374
Motivation for this change
I needed that another LUKS device gets unlocked automatically using the same passphrase that was used to unlock the LUKS device containing the root file system. This adds an option to the initrd which if enabled will save passphrases to
That one temporarily saves the passphrase and automatically tries to reuse it for the next LUKS device opened from the initrd. That allows opening multiple LUKS devices in the initrd while typing only one passphrase.
What I need is to open just one device in the initrd (where the root filesystem is), and open another device automatically during the systemd boot. That other device does not need to be opened in the initrd; configuring it to be opened in the initrd would prevent me from booting if the device does not work, would also increase the boot time a little (since it is not done in parallel).
This patch makes it possible for the initrd to save the passphrase so that it can be used later (after the initrd is done) to open another device. To do that I added a systemd service like this: