diff options
Diffstat (limited to 'sys/boot')
| -rw-r--r-- | sys/boot/stack/luks-ext4-fscrypt-impermanence.nix | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix index 81feb60..7905da3 100644 --- a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix +++ b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix @@ -52,9 +52,10 @@ in { key_id=$(${fscryptctl} add_key /mnt-toplevel </boot-key) ${fscryptctl} set_policy "$key_id" "$root_from_toplevel" (umask 077; test -f /mnt-toplevel/boot-archive.pub && \ - ${pkgs.openssl}/bin/openssl pkeyutl -encrypt \ - -in /boot-key -pubin -inkey /mnt-toplevel/boot-archive.pub \ - -out "/mnt-toplevel/boot-keys/$boot_stamp.key.crypt") + ${getExe pkgs.rage} -ae \ + -R /mnt-toplevel/boot-archive.pub \ + -o "/mnt-toplevel/boot-keys/$boot_stamp.key.age" \ + /boot-key) rm -f /boot-key ln -Tsf "$boot_stamp" /mnt-toplevel/boots/last |