From c6b57e8dcce0608febf881a88f83decd5b2769d3 Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Wed, 13 May 2026 13:43:11 +0100
Subject: feat(boot): switch to systemd initramfs + rd.luks.name cmdline

Prerequisite for TPM2 LUKS unlock. systemd-cryptenroll stores TPM hints
in LUKS2 token metadata, so no cmdline options are needed beyond
rd.luks.name (sd-encrypt auto-discovers enrolled tokens).

After chezmoi apply: sudo mkinitcpio -P && sudo sbctl verify, then
reboot. Passphrase still works; TPM enrollment is a separate step.
---
 etc/mkinitcpio.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'etc/mkinitcpio.conf')

diff --git a/etc/mkinitcpio.conf b/etc/mkinitcpio.conf
index b994d89..1ff386b 100644
--- a/etc/mkinitcpio.conf
+++ b/etc/mkinitcpio.conf
@@ -52,7 +52,7 @@ FILES=()
 #
 ##   NOTE: If you have /usr on a separate partition, you MUST include the
 #    usr and fsck hooks.
-HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)
+HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
 
 # COMPRESSION
 # Use this to compress the initramfs image. By default, zstd compression
-- 
cgit v1.3.1