Merge pull request #41425 from dasJ/luks-offset

nixos/luksroot: Support keyfile offsets
2024-11-02 07:31:26 +00:00 · 2018-08-07 18:10:27 +02:00 · 2018-08-07 18:10:27 +02:00 · 010504fbeb
commit 010504fbeb
parent 9e727bfc72 690dac11f3
1 changed files with 15 additions and 1 deletions
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@ -5,7 +5,7 @@ with lib;
 let
  luks = config.boot.initrd.luks;

-  openCommand = name': { name, device, header, keyFile, keyFileSize, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; ''
+  openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; ''

    # Wait for a target (e.g. device, keyFile, header, ...) to appear.
    wait_target() {
@ -47,6 +47,7 @@ let
        ${optionalString (keyFile != null) ''
        ${optionalString fallbackToPassword "if [ -e ${keyFile} ]; then"}
            echo " --key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}" \
+                   ${optionalString (keyFileOffset != null) "--keyfile-offset=${toString keyFileOffset}"}" \
              >> /.luksopen_args
        ${optionalString fallbackToPassword ''
        else
@ -316,6 +317,19 @@ in
            '';
          };

+          keyFileOffset = mkOption {
+            default = null;
+            example = 4096;
+            type = types.nullOr types.int;
+            description = ''
+              The offset of the key file. Use this in combination with
+              <literal>keyFileSize</literal> to use part of a file as key file
+              (often the case if a raw device or partition is used as a key file).
+              If not specified, the key begins at the first byte of
+              <literal>keyFile</literal>.
+            '';
+          };
+
          # FIXME: get rid of this option.
          preLVM = mkOption {
            default = true;