[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LUKS-encrypted root and unencrypted /boot ?

From: Clément Lassieur
Subject: Re: LUKS-encrypted root and unencrypted /boot ?
Date: Fri, 03 Aug 2018 20:53:40 +0200
User-agent: mu4e 1.0; emacs 26.1

Benjamin Slade <address@hidden> writes:

>  > Do you use Libreboot?
> Yes, I'm using Libreboot. Does this make a great difference over the
> manufacturer firmware in this case?

It might, because the GRUB used is the one shipped with Libreboot.  So
it has nothing to do with Guix.  I think talking to the libreboot people
would help you more.  (Disclaimer: I have the same issue, I find that
pressing 'c' and typing 'cryptomount ahci0,gpt3' makes the process

>  > I'm unsure [using an unencrypted /boot] would help, because GRUB
>  > would still have to unencrypt / to access the kernel (the kernel is
>  > in /gnu/store).
> Ah, I see. Is this an immutable design decision?  It would seem good to
> be able to keep the kernel in a separate space in order to avoid the
> issue of extremely long unlocking times when booting.

Nothing is immutable, but it's a strong design decision that all
packages data are put in /gnu/store.  Linux is just one of them.  Plus,
a characteristic of GuixSD is that you can revert to previous
configurations.  Those configurations appear as GRUB lines.  Each
configuration could have a different kernel and kernels take space, so
it wouldn't scale well.  Plus, I think some other stuff is needed as
well, like the initrd, which is large too, etc.

There are probably reasons I don't know about too :-)

Good luck!

reply via email to

[Prev in Thread] Current Thread [Next in Thread]