Dear community,
I faithfully followed the tutorial in the Wiki to decrypt my hard drive during boot using a USB stick (in my case an SD card). However, it does not work. Error is that LUKS is ‘waiting for nopassphrasekey’, but it doesn’t come up.
Could someone have a look at my config and check whether there is an obvious mistake? Of note, if I use cryptkey
everything works fine, however, cryptkey is unfortunately passphrase-protected (and I don’t want to type it upon boot).
boot.initrd.kernelModules = [ "mmc_core" ];
boot.initrd.luks.devices = {
cryptkey.device = "/dev/disk/by-uuid/ccd19ab7-0e4d-4df4-8912-b87139de56af";
nopassphrasekey = {
device = "/dev/disk/by-id/mmc-SD02G_0x6035b72d";
allowDiscards = true;
keyFileSize = 4096;
# pinning to /dev/disk/by-id/usbkey works
keyFile = "/dev/mmcblk0";
};
cryptroot = {
device="/dev/disk/by-uuid/88242cfe-48a1-44d2-a29b-b55e6f05d3d3";
keyFile="/dev/mapper/nopassphrasekey";
};
cryptswap = {
device="/dev/disk/by-uuid/f6fa3573-44a9-41cc-bab7-da60d21e27b3";
keyFile="/dev/mapper/nopassphrasekey";
};
};
Best wishes,
Moritz