Comment by gf000

3 months ago

I don't have personal experience with zfsboot - I have used UEFI/systemd-boot previously with ZFS root, and now use an initrd which loads the encryption key to ZFS root.

But NixOS itself does something similar: it has generations, and if you change some setting and rebuild your system, the previous one's link will be available in the boot menu, so you can easily try out stuff and just revert if it doesn't work - it is file system independent, but it only handles nix-specific stuff.

I am struggling to get systemd to cooperate with a TPM on boot right now, let alone ZFS. I'll probably drop back to initrd.

I just want encryption at rest for when it comes time to dispose of the disk; there's not supposed to be unencrypted sensitive data on it anyway.