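# NixOS module: makes the kernel's crypto modules, plus the encrypted/trusted
# key types and "rng", available to the LUKS stage of the initrd, and enables
# ENCRYPTED_KEYS in the kernel configuration.
{ lib, pkgs, config, ... }:
let
  # Names of every kernel module found under the crypto directories of
  # config.system.modulesTree, as a list of strings.
  #
  # builtins.readFile on a derivation output is import-from-derivation: the
  # command below has to be built while the configuration is being evaluated.
  # runCommandCC is presumably used so that readelf is on PATH -- confirm.
  moduleList = builtins.fromJSON (builtins.readFile (pkgs.runCommandCC "crypto-modules" { buildInputs = with pkgs; [ jq ]; } ''
    echo "[]" > $out
    # Only files named *.ko.xz are picked up; modules that are uncompressed or
    # compressed with another tool are not listed.
    while IFS= read -r -d $'\0' file; do
      unpacked=$(basename "''${file}" .xz)
      xz -cd "''${file}" > "''${unpacked}"
      # The module name is the first string readelf prints from the
      # .gnu.linkonce.this_module section; sed strips the "[ offset]" prefix.
      module=$(readelf -Wp .gnu.linkonce.this_module "''${unpacked}" | sed -rn '/\[\s*[0-9]+\] /{ s/^[^]]*\]\s*//; p; q; }')
      # Fail here with a clear message instead of appending an empty name,
      # which would otherwise end up in boot.initrd.luks.cryptoModules.
      if [ -z "''${module}" ]; then
        echo "crypto-modules: no module name found in ''${file}" >&2
        exit 1
      fi
      jq '. + [ $name ]' $out --arg name "''${module}" > out.json && mv out.json $out
    done < <(find ${config.system.modulesTree}/lib/modules/*/kernel{,/arch/*}/crypto -iname '*.ko.xz' -print0 | sort -z)
  ''));
in {
  # Every module discovered above is added, not only the ones a particular
  # LUKS cipher needs.
  boot.initrd.luks.cryptoModules = moduleList ++ [
    "encrypted_keys" "trusted" "rng"
  ];
  boot.kernelPatches = [
    {
      # No source patch: this entry only carries the extra config option.
      name = "encrypted_key";
      patch = null;
      # NOTE(review): lib.kernel.yes builds the key type in rather than as a
      # module; confirm the "encrypted_keys" entry above still resolves.
      extraStructuredConfig.ENCRYPTED_KEYS = lib.kernel.yes;
    }
  ];
}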