Ludovic Courtès <[email protected]> writes:

> Hi,
>
> Tomas Volf <[email protected]> skribis:
>
>> Ludovic Courtès <[email protected]> writes:
>
> [...]
>
>>> This new mechanism effectively supersedes #:key-file by making GRUB pass
>>> instructions to open the LUKS device to the initrd; see “Automatic LUKS
>>> Master Key Passing” in the manual (info "(guix) Bootloader Configuration").
>>
>> Right, I have read that section and I am using it for my root devices.
>> But I have no idea how to use it for these drives as well.  When I check
>> /etc, the luks_script file is not there, so it seems it is not persisted
>> across root pivot?  And even if it were persisted, I have no idea
>> how GRUB should even know *how* to unlock these drives.
>
> GRUB creates /etc/luks_script as an extra initrd, and that initrd
> vanishes once you’ve booted.
>
> Do you have an idea for what device you’re getting these messages?
> What’s your config like?

Yeah, it is for my storage drives, so the message is printed ten times,
once for every disk.  That is where my confusion stems from.  GRUB does
not touch these disks at all, they do not participate in the boot
process.  So I am confused about how GRUB would be able to provide
instructions to unlock them.

Relevant parts of my configuration are:

--8<---------------cut here---------------start------------->8---
(define %storage-disks-mapped-devices
  (map (match-lambda
         ((disk/name . disk/uuid)
          (mapped-device
           (source (uuid disk/uuid))
           (target disk/name)
           (type luks-device-mapping)
           (arguments (list #:key-file "xxCENSOREDxx")))))
       '(("storage01" . "xxCENSOREDxx")
         ("storage02" . "xxCENSOREDxx")
         ("storage03" . "xxCENSOREDxx")
         ("storage04" . "xxCENSOREDxx")
         ("storage05" . "xxCENSOREDxx")
         ("storage06" . "xxCENSOREDxx")
         ("storage07" . "xxCENSOREDxx")
         ("storage08" . "xxCENSOREDxx")
         ("storage09" . "xxCENSOREDxx")
         ("storage10" . "xxCENSOREDxx"))))
--8<---------------cut here---------------end--------------->8---

and

--8<---------------cut here---------------start------------->8---
    (mapped-devices %storage-disks-mapped-devices)
--8<---------------cut here---------------end--------------->8---

and

--8<---------------cut here---------------start------------->8---
(file-system
  (device "/dev/mapper/storage01")
  (mount-point "/storage")
  (type "btrfs")
  (dependencies %storage-disks-mapped-devices))
--8<---------------cut here---------------end--------------->8---

>
> (Maybe take it to Danny Milosavljevic because I’m no expert. :-))
>
> Ludo’.

I *think* just swapping order in mapped-devices.scm (to try keyfile
first) should solve my problem.  I will try whether that works and if it
does, send a patch.

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.


