Is there GRUB patched for booting from partition encrypted with LUKS2?

Arch already has a patched version of GRUB 2.06 that boots from a LUKS2-encrypted partition. Has anybody created a patched GRUB package for NixOS as well?

https://wiki.archlinux.org/title/GRUB#LUKS2

I’ve already tried booting from a LUKS 2 partition without patching GRUB. My NixOS installation does not boot after converting the partition to LUKS 2 from LUKS 1.

I followed this guide to set up NixOS with a LUKS 1 encrypted partition.


I’ve tried patching it myself, and it worked!
I only needed to apply grub-install_luks2.patch from AUR (en) - grub-improved-luks2-git.
Tested on NixOS 21.11.

/etc/nixos/configuration.nix

  nixpkgs.overlays = [
    (import ./overlays/grub2)
  ];

/etc/nixos/overlays/grub2/default.nix

(self: super: {
  grub2 = super.grub2.overrideAttrs (oldAttrs: {
    patches = oldAttrs.patches ++ [
      ./grub-install_luks2.patch
    ];
  });
})

Download ./grub-install_luks2.patch from the AUR package page above and place it in /etc/nixos/overlays/grub2/.

I didn’t apply argon2 patches. It might work, I just haven’t tried that.

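Added example, not part of the original thread or of the AUR package: GRUB 2.06's LUKS2 support handles PBKDF2 keyslots only, which is why the Argon2 patches mentioned above exist, so it is worth checking the keyslots before converting or rebooting. The function name `grub_luks_check` and the sample dump are constructed for illustration; the parser reads `cryptsetup luksDump` text on stdin.

```shell
#!/bin/sh
# Reads `cryptsetup luksDump` output on stdin and reports which keyslots an
# unpatched-for-Argon2 GRUB 2.06 can use (LUKS1, or LUKS2 keyslots with PBKDF2).
# Exit status: 0 = at least one usable keyslot, 1 = none, 2 = not a LUKS dump.
grub_luks_check() {
    awk '
        /^Version:/                { version = $2 }
        /^Keyslots:/               { in_slots = 1; next }
        /^[A-Za-z]/                { in_slots = 0 }   # any other top-level section
        in_slots && /^  [0-9]+: /  { slot = $1; sub(":", "", slot) }
        in_slots && $1 == "PBKDF:" {
            if ($2 == "pbkdf2") { ok++; print "keyslot " slot ": pbkdf2 (usable by GRUB 2.06)" }
            else                { print "keyslot " slot ": " $2 " (not usable by GRUB 2.06)" }
        }
        END {
            if (version == 1) { print "LUKS1 header: supported by GRUB"; exit 0 }
            if (version != 2) { print "no LUKS header found"; exit 2 }
            exit (ok > 0 ? 0 : 1)
        }'
}

# Constructed sample (trimmed LUKS2 dump): keyslot 0 uses argon2id, keyslot 1
# uses pbkdf2. The "pbkdf2" under Digests is the volume-key digest, not a
# keyslot, and must not be counted.
sample_mixed() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

# Real use (device path is a placeholder):
#   cryptsetup luksDump /dev/sdXN | grub_luks_check
sample_mixed | grub_luks_check
```

If every keyslot reports a non-PBKDF2 type, GRUB will reject the correct passphrase at boot until a PBKDF2 keyslot is added.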

What happens if you input your password wrong?
On many distros with the old LUKS versions, GRUB didn't ask again for the password after the first unsuccessful try.

In that case GRUB still drops me into the rescue shell with the error message error: Invalid passphrase, unfortunately. As I didn’t know the commands in the rescue shell, I simply pressed Ctrl + Alt + Del to reboot and try again.