| author | 2026-05-13 13:43:11 +0100 | |
|---|---|---|
| committer | 2026-05-13 13:43:11 +0100 | |
| commit | c6b57e8dcce0608febf881a88f83decd5b2769d3 (patch) | |
| tree | 48f23c310aa5bf4d265ea0cdaa0d94e10a282359 | |
| parent | 94e37937f7fda28f60d9ad7c56b4cb5e771ef5ce (diff) | |

feat(boot): switch to systemd initramfs + rd.luks.name cmdline

Prerequisite for TPM2 LUKS unlock. systemd-cryptenroll stores TPM hints
in LUKS2 token metadata, so no cmdline options are needed beyond
rd.luks.name (sd-encrypt auto-discovers enrolled tokens).

After chezmoi apply: sudo mkinitcpio -P && sudo sbctl verify, then
reboot. Passphrase still works; TPM enrollment is a separate step.

| -rw-r--r-- | etc/kernel/cmdline | 2 |
| -rw-r--r-- | etc/mkinitcpio.conf | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/kernel/cmdline b/etc/kernel/cmdline index d396f1e..341f153 100644 --- a/etc/kernel/cmdline +++ b/etc/kernel/cmdline @@ -1 +1 @@ -cryptdevice=UUID=81520bbc-1e7a-45e6-9465-cfc2e8b18945:root root=/dev/mapper/root rw quiet +rd.luks.name=81520bbc-1e7a-45e6-9465-cfc2e8b18945=root root=/dev/mapper/root rw quiet diff --git a/etc/mkinitcpio.conf b/etc/mkinitcpio.conf index b994d89..1ff386b 100644 --- a/etc/mkinitcpio.conf +++ b/etc/mkinitcpio.conf @@ -52,7 +52,7 @@ FILES=() # ## NOTE: If you have /usr on a separate partition, you MUST include the # usr and fsck hooks. -HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck) +HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck) # COMPRESSION # Use this to compress the initramfs image. By default, zstd compression |
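
Review bot: In etc/kernel/cmdline, the new `rd.luks.name=` parameter is only parsed by the `sd-encrypt` hook that the mkinitcpio.conf hunk introduces, while the removed `cryptdevice=` form was only parsed by the old `encrypt` hook, so an image built with one of the two files changed and not the other will not unlock root. The cmdline file cannot carry a comment, so consider recording somewhere in the repo that both files must be applied before `mkinitcpio -P`, and keep a known-good boot entry or rescue medium until the first reboot succeeds. The mapping name after the second `=` has to stay `root` to match `root=/dev/mapper/root`.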
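
Review bot: On the new HOOKS line in etc/mkinitcpio.conf, `sd-vconsole` replaces `keymap consolefont` and takes its keymap and font from /etc/vconsole.conf, which is not among the two files this commit touches. The commit message keeps the passphrase as a working unlock path, so confirm that file exists with the intended KEYMAP before rebuilding, otherwise the passphrase prompt uses the default layout. `keyboard` also still sits after `autodetect`, so only modules for keyboards attached at build time are included; moving it before `autodetect` would cover an external keyboard plugged in later.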
