New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
disko: Enable Luks disk encryption #517
base: main
Are you sure you want to change the base?
Conversation
I believe this has to be done in an installation phase? Either choose passwd or yubikey. Because rebuilding an image per installation is not really viable. If full luks can't be done on the fly in the installer, can we prompt for a key rotation (i.e. force a password change on first boot, and give option for either passwd or yubikey) Secondly, shouldn't the passwd,/yubikey be mixed with tpm on the device? Or does fido2luks do this behind the scene? |
Hi @remimimimimi can we do Luks encryption along with yubikey enrollment during installation phase? |
New disk configuration provides grounds for upcoming features, such as AB software updates and Storage VM and many more. Signed-off-by: Ivan Nikolaenko <ivan.nikolaenko@unikie.com>
This patch will add a disk encryption config option and based on the config option if enabled then LUKS encryption on particular LVM devices will be enabled. Signed-off-by: Vunny Sodhi <vunny.sodhi@unikie.com>
This patch creates luks filesystem which is encrypted and can be decrypted using Yubikey or system password.
Description of changes
Checklist for things done
x86_64
aarch64
riscv64
nix flake check --accept-flake-config
and it passesTesting
Please follow the below steps:
Improvements