bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0

From:	Danny Milosavljevic
Subject:	bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0
Date:	Wed, 18 Nov 2020 17:54:21 +0100

On Mon, 16 Nov 2020 18:56:56 +0100
Jonathan Brielmaier <jonathan.brielmaier@web.de> wrote:

> We have now pretty good LUKS support, but I don't know if we support
> this use case. I always have `/boot` encrypted as well...

Unencrypted /boot and encrypted / is necessary to be able to use Heads
(right now).

(It measures /boot in order to find out whether it has been tampered with or
not)

If you want to be able to boot on a Heads system, either Heads needs to be
modified to mount encrypted / , or there needs to be an unencrypted /boot.

pgpvw9wWHtO2m.pgp
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0, Jonathan Brielmaier, 2020/11/16
- bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0, Danny Milosavljevic <=
  - bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0, Ludovic Courtès, 2020/11/18

Prev by Date: bug#44723: Latest binary tarball & Hurd qcow2 image unavailable (502)
Next by Date: bug#44717: ISO grub config points to nonexistent drive UUID.
Previous by thread: bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0
Next by thread: bug#25305: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0
Index(es):
- Date
- Thread