nixos.luksroot: fix assertion message to name correct option

author: Jade Lovelace <software@lfcode.ca> 2024-03-05 13:38:38 -0800
committer: Jade Lovelace <software@lfcode.ca> 2024-03-18 14:41:47 -0700
commit: a72afcbc4896f1bff362cd65d0656f6f0207cdb6 (patch)
tree: 317e5085bc6709970f28926a9ffa5fd78a0e6e25 /nixos/modules/system
parent: e09d2ff9da954e562d81e8cb219b871d8aff48f9 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 86a3875e2c67c..3020734783e7a 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -982,8 +982,10 @@ in
         }
         { assertion = config.boot.initrd.systemd.enable -> !luks.fido2Support;
           message = ''
-            systemd stage 1 does not support configuring FIDO2 unlocking through `boot.initrd.luks.devices.<name>.fido2`.
-            Use systemd-cryptenroll(1) to configure FIDO2 support.
+            systemd stage 1 does not support configuring FIDO2 unlocking through `boot.initrd.luks.fido2Support`.
+            Use systemd-cryptenroll(1) to configure FIDO2 support, and set
+            `boot.initrd.luks.devices.''${DEVICE}.crypttabExtraOpts` as appropriate per crypttab(5)
+            (e.g. `fido2-device=auto`).
           '';
         }
         # TODO
author	Jade Lovelace <software@lfcode.ca>	2024-03-05 13:38:38 -0800
committer	Jade Lovelace <software@lfcode.ca>	2024-03-18 14:41:47 -0700
commit	a72afcbc4896f1bff362cd65d0656f6f0207cdb6 (patch)
tree	317e5085bc6709970f28926a9ffa5fd78a0e6e25 /nixos/modules/system
parent	e09d2ff9da954e562d81e8cb219b871d8aff48f9 (diff)