I would like to achieve the setup in a declarative way. Currently doing this:
- Enabling `boot.initrd.systemd.enable`
- Using the command `sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<my encrypted device>`
Related post: Full disk encryption + TPM2
1 Like
Hi,
so if I understand, you are wondering if there is a way to run systemd-cryptenroll from your config files.
Correct?
In this case, I do not know, but I suppose there should be…
It would be nice to include all the setup stuff in a nix file.
Regards
1 Like