[bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesyst

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesyst

From:	chayleaf
Subject:	[bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesystems
Date:	Tue, 04 Jan 2022 02:12:49 +0700
User-agent:	Evolution 3.42.2

In advance, sorry if you received this message twice. The spam filters
seemed to reject this E-mail at first. No idea if it will go through
now, I'm still in the process of requesting a PTR entry.

> Yes, this is what I was suggesting, although I don't really know how
> Linux handles multiple initrds.  Is the resulting initramfs a union
> of the different initrds?

As far I know, the initrds are simply concatenated in-memory, and then
the kernel extracts all of the images to a tmpfs.

> Do you think you could handle adding additional initrd support to
> GRUB?  I don't think it should be that hard.

I could totally do that, I would really appreciate it if you told me
what the end-user interface should look like though.  Currently,
operating-system's initrd key is supposed to be a derivation, but in
case of initrds that might contain the user's encryption key it should
be a regular path.  One option would be to change "initrd" to "initrds"
(similar to mapped-device's "target" and "targets") and interpret
string? initrds as a path.  Another one is to add a new key in
bootloader-configuration.

A potential problem is that mounted paths and filesystem paths (I don't
know the exact terminology) may differ - consider, for example, a
separate /boot partition, or btrfs subvolumes.  If mounted paths are
used, it needs to be documented and the correct partition needs to be
mounted in GRUB, if filesystem paths are used, it once again needs to
be documented and the user needs to be able to specify not just the
path, but also the device the initrd resides on.

Also, I'm not sure all bootloaders support multiple initrds, and I
can't test the EFI bootloaders.  In particular, I couldn't find
anything that could let one use multiple initrds in U-Boot
documentation.  You can load multiple images at different addresses,
but I'm not sure whether that is enough to load multiple initrds. 
However, EXTLINUX documentation states "The initrd parameter supports
multiple filenames separated by commas".

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesystems, chayleaf <=
- [bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesystems, Ludovic Courtès, 2022/01/05

Prev by Date: [bug#52897] [PATCH] doc: Add instructions on upgrading the build daemon with doas.
Next by Date: [bug#52953] [PATCH v2 0/3] Update openmw to 0.47.0.
Previous by thread: [bug#52897] [PATCH] doc: Add instructions on upgrading the build daemon with doas.
Next by thread: [bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesystems
Index(es):
- Date
- Thread