Hey guys,
I was thinking to myself, encryption is great ™ but it sucks if you have to enter a password all the time. So I did some digging and found out, you can run a tang server at home and thus make clevis ‘network-aware’. In other words, you have a computer that opens its LUKS device as soon as it can talk to the tang server.
That’s nice in theory, as long as you have wired networking - which is not always the case - especially with modern hardware where all you get is a USB-C port for charging and that’s it.
So I thought I’d just give it a try using our good old friend dracut by generating a wifi.conf
# Essential modules
add_dracutmodules+=" network "
# Optional but helpful for debugging
add_dracutmodules+=" bash "
# NetworkManager support if you need specific connection management
add_dracutmodules+=" nm-network "
# Kernel modules for MT7921 wifi
add_drivers+=" mt7921e mt792x_lib mt7921_common mt76_connac_lib mt76 mac80211 cfg80211 "
# Firmware files (note: .xz might need decompression)
install_items+=(
"/etc/NetworkManager/system-connections/WifiNetwork.nmconnection"
"/lib/firmware/mediatek/mt7921*.bin"
"/lib/firmware/mediatek/WIFI_RAM_CODE_MT7961_1.bin"
"/usr/libexec/nm-initrd-generator"
)
Not sure what I did wrong, but it looks like the system would find the wifi card, but that’s pretty much it. I did some digging using rd.shell rd.break=pre-mount and dmesg showed the firmware loaded correctly and ‘ip’ gave us the interface.
WifiNetwork.nmconnection per se works on my normal system and the wifi password is in there, so it should be connecting. What am I doing wrong?