tpwrules / nixos-apple-silicon

Resources to install NixOS bare metal on Apple Silicon Macs
MIT License

`cryptsetup` missing? #4

Closed WhyNotHugo closed 2 years ago

WhyNotHugo commented 2 years ago

I've generated an installer with the instructions on this repo, and then booted into U-Boot and then the image itself off a USB drive.

However, the installation media seems to be missing cryptsetup, so I can't mount (nor re-format) the existing partition on my device.

Can I somehow build an image that includes the additions from this repo and the default ISO installer tools?

WhyNotHugo commented 2 years ago

I tried adding cryptsetup to environment.systemPackages, but looks like it's missing some dependencies or flags...

```
device-mapper: table: 253:0: crypt: unknown target type
device-mapper: ioctl: error adding target to table
device-mapper:  reload ioctl on root (253:0) failed: Invalid argument
```

So I guess it's back to the original question: can I somehow make sure the ISO has all the tools the default installer ISO would include?

WhyNotHugo commented 2 years ago

Hm, apparently this is due to dm-crypt module being missing. The Asahi kernel does include dm-crypt tho.

WhyNotHugo commented 2 years ago

I tried replacing https://github.com/tpwrules/nixos-m1/blob/main/nix/m1-support/kernel/config with Asahi's version: https://github.com/AsahiLinux/PKGBUILDs/blob/main/linux-asahi/config.

That did not work, booting the ISO doesn't work. Obviously the Asahi/Arch kernel has other differences that don't work with the Nix loader.

tpwrules commented 2 years ago

The default installer ISO tools are listed here. Everything that goes in the ISO has to be cross-compiled by the user if they are building on x86_64 (which the GitHub Actions builder uses), so I chose to remove anything that wasn't absolutely essential to setting up a simple install and getting connected to the internet to download more (which you could do to get cryptsetup if necessary). That's why it's a "bootstrap" ISO, it doesn't even have enough to be counted as "minimal".

That said, it looks like cryptsetup was already included on the ISO as a dependency of systemd, it's just not in the path, so I would be totally fine with adding it for user usage. But you are right, the kernel config is also pretty minimal and doesn't support encryption anyway. I haven't sat down to figure out why the Asahi config doesn't boot, I think it might be something with modules vs. built-in features. But if you want to, that would be a very appreciated contribution.

cnkk commented 2 years ago

@WhyNotHugo did the PR solve your issue? I still got the same issue after entering the passphrase for the encrypted root partition at boot.

psanford commented 2 years ago

I was able to get LUKS encryption working with the following additions (this isn't necessarily the minimal set of changes necessary):

```nix
boot.initrd.availableKernelModules = [ "usb_storage" "usbhid" "dm-crypt" "xts" "encrypted_keys" "ext4" "dm-snapshot" ];
boot.initrd.kernelModules = [ "usb_storage" "usbhid" "dm-crypt" "xts" "encrypted_keys" "ext4" "dm-snapshot" ];
```

kernel config additions:

+CONFIG_DM_SNAPSHOT=m
+CONFIG_KEYS=y
+CONFIG_ENCRYPTED_KEYS=m
+CONFIG_TRUSTED_KEYS=m
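
Review bot: the four added kernel config lines do not enable CONFIG_DM_CRYPT or CONFIG_CRYPTO_XTS, yet the initrd module lists in the same comment load "dm-crypt" and "xts", so this set only works on a base config where those two are already enabled; either add them here or state which base config the additions apply to. CONFIG_TRUSTED_KEYS=m is also added without a matching entry in the initrd lists, so note whether it is actually required or drop it.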
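
A way to check a kernel config for the symbols behind the initrd modules listed above, before building an image. This is an added example, not code from the thread or the repository; the function names and the sample config are constructed for illustration.

```bash
# Added example (not from the thread); the sample config below is constructed.
# Module name -> Kconfig symbol that builds it.
symbol_for_module() {
  case "$1" in
    dm-crypt)       echo CONFIG_DM_CRYPT ;;
    dm-snapshot)    echo CONFIG_DM_SNAPSHOT ;;
    xts)            echo CONFIG_CRYPTO_XTS ;;
    encrypted_keys) echo CONFIG_ENCRYPTED_KEYS ;;
    ext4)           echo CONFIG_EXT4_FS ;;
    usb_storage)    echo CONFIG_USB_STORAGE ;;
    usbhid)         echo CONFIG_USB_HID ;;
    *)              return 1 ;;
  esac
}

# Print builtin, module or missing for symbol $2 in config file $1.
symbol_state() {
  local line; line=$(grep -E "^$2=" "$1" | tail -n 1 || true)
  case "${line#*=}" in
    y) echo builtin ;;
    m) echo module ;;
    *) echo missing ;;   # absent, or "# CONFIG_X is not set"
  esac
}

# Print "module SYMBOL" for every listed module the config does not enable.
missing_modules() {
  local cfg=$1 mod sym; shift
  for mod in "$@"; do
    sym=$(symbol_for_module "$mod") || sym=UNKNOWN_SYMBOL
    if [ "$sym" = UNKNOWN_SYMBOL ] || [ "$(symbol_state "$cfg" "$sym")" = missing ]; then
      echo "$mod $sym"
    fi
  done
}

# Constructed sample config: dm-crypt explicitly off, XTS absent.
sample_cfg=$(mktemp); trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
CONFIG_EXT4_FS=y
CONFIG_USB_STORAGE=y
CONFIG_USB_HID=y
# CONFIG_DM_CRYPT is not set
CONFIG_DM_SNAPSHOT=m
CONFIG_ENCRYPTED_KEYS=m
EOF
missing_modules "$sample_cfg" usb_storage usbhid dm-crypt xts encrypted_keys ext4 dm-snapshot
```

A non-empty result for `dm-crypt` corresponds to the `crypt: unknown target type` error quoted earlier in the thread.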