Mic92
commented
6 months ago There is no trick as of today. Those VMs also run in a nix-build, which would require adding secrets. Maybe there could be a way to allow stub secrets for testing.
Open haraldh opened 6 months ago
Mic92
commented
6 months ago There is no trick as of today. Those VMs also run in a nix-build, which would require adding secrets. Maybe there could be a way to allow stub secrets for testing.
haraldh
commented
6 months ago Thanks for the quick answer! Yeah, stub secrets would be great!
Mic92
commented
6 months ago @Lassulus could we recursively override all existing cryptsetup keys with fake keys? Same for zfs.
Mic92
commented
6 months ago Not sure how could provide these keys at boot time...
haraldh
commented
6 months ago maybe https://systemd.io/CREDENTIALS/
VMs can be passed credentials via SMBIOS OEM strings (example qemu command line switch
-smbios type=11,value=io.systemd.credential:foo=bar
Is there any trick how I can test a luks setup with
--vm-test. Doing so always fails to unlock the luks device in thebooted_machinestage of course, because the key files are missing.