From c6b57e8dcce0608febf881a88f83decd5b2769d3 Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Wed, 13 May 2026 13:43:11 +0100
Subject: feat(boot): switch to systemd initramfs + rd.luks.name cmdline

Prerequisite for TPM2 LUKS unlock. systemd-cryptenroll stores TPM hints
in LUKS2 token metadata, so no cmdline options are needed beyond
rd.luks.name (sd-encrypt auto-discovers enrolled tokens).

After chezmoi apply: sudo mkinitcpio -P && sudo sbctl verify, then
reboot. Passphrase still works; TPM enrollment is a separate step.
---
 etc/kernel/cmdline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'etc/kernel')

diff --git a/etc/kernel/cmdline b/etc/kernel/cmdline
index d396f1e..341f153 100644
--- a/etc/kernel/cmdline
+++ b/etc/kernel/cmdline
@@ -1 +1 @@
-cryptdevice=UUID=81520bbc-1e7a-45e6-9465-cfc2e8b18945:root root=/dev/mapper/root rw quiet
+rd.luks.name=81520bbc-1e7a-45e6-9465-cfc2e8b18945=root root=/dev/mapper/root rw quiet
-- 
cgit v1.3.1