feat(boot): switch to systemd initramfs + rd.luks.name cmdline

Prerequisite for TPM2 LUKS unlock. systemd-cryptenroll stores TPM hints in LUKS2 token metadata, so no cmdline options are needed beyond rd.luks.name (sd-encrypt auto-discovers enrolled tokens). After chezmoi apply: sudo mkinitcpio -P && sudo sbctl verify, then reboot. Passphrase still works; TPM enrollment is a separate step.
author: sommerfeld <sommerfeld@sommerfeld.dev> 2026-05-13 13:43:11 +0100
committer: sommerfeld <sommerfeld@sommerfeld.dev> 2026-05-13 13:43:11 +0100
commit: c6b57e8dcce0608febf881a88f83decd5b2769d3 (patch)
tree: 48f23c310aa5bf4d265ea0cdaa0d94e10a282359 /etc/kernel
parent: 94e37937f7fda28f60d9ad7c56b4cb5e771ef5ce (diff)
download: dotfiles-c6b57e8dcce0608febf881a88f83decd5b2769d3.tar.gz
dotfiles-c6b57e8dcce0608febf881a88f83decd5b2769d3.tar.bz2
dotfiles-c6b57e8dcce0608febf881a88f83decd5b2769d3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/kernel/cmdline b/etc/kernel/cmdline
index d396f1e..341f153 100644
--- a/etc/kernel/cmdline
+++ b/etc/kernel/cmdline
@@ -1 +1 @@
-cryptdevice=UUID=81520bbc-1e7a-45e6-9465-cfc2e8b18945:root root=/dev/mapper/root rw quiet
+rd.luks.name=81520bbc-1e7a-45e6-9465-cfc2e8b18945=root root=/dev/mapper/root rw quiet
author	sommerfeld <sommerfeld@sommerfeld.dev>	2026-05-13 13:43:11 +0100
committer	sommerfeld <sommerfeld@sommerfeld.dev>	2026-05-13 13:43:11 +0100
commit	c6b57e8dcce0608febf881a88f83decd5b2769d3 (patch)
tree	48f23c310aa5bf4d265ea0cdaa0d94e10a282359 /etc/kernel
parent	94e37937f7fda28f60d9ad7c56b4cb5e771ef5ce (diff)
download	dotfiles-c6b57e8dcce0608febf881a88f83decd5b2769d3.tar.gz dotfiles-c6b57e8dcce0608febf881a88f83decd5b2769d3.tar.bz2 dotfiles-c6b57e8dcce0608febf881a88f83decd5b2769d3.zip