[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LUKS-encrypted root and unencrypted /boot ?
|
From: |
Clément Lassieur |
|
Subject: |
Re: LUKS-encrypted root and unencrypted /boot ? |
|
Date: |
Fri, 03 Aug 2018 20:53:40 +0200 |
|
User-agent: |
mu4e 1.0; emacs 26.1 |
Benjamin Slade <address@hidden> writes:
> > Do you use Libreboot?
>
> Yes, I'm using Libreboot. Does this make a great difference over the
> manufacturer firmware in this case?
It might, because the GRUB used is the one shipped with Libreboot. So
it has nothing to do with Guix. I think talking to the libreboot people
would help you more. (Disclaimer: I have the same issue, I find that
pressing 'c' and typing 'cryptomount ahci0,gpt3' makes the process
faster.)
> > I'm unsure [using an unencrypted /boot] would help, because GRUB
> > would still have to unencrypt / to access the kernel (the kernel is
> > in /gnu/store).
>
> Ah, I see. Is this an immutable design decision? It would seem good to
> be able to keep the kernel in a separate space in order to avoid the
> issue of extremely long unlocking times when booting.
Nothing is immutable, but it's a strong design decision that all
packages data are put in /gnu/store. Linux is just one of them. Plus,
a characteristic of GuixSD is that you can revert to previous
configurations. Those configurations appear as GRUB lines. Each
configuration could have a different kernel and kernels take space, so
it wouldn't scale well. Plus, I think some other stuff is needed as
well, like the initrd, which is large too, etc.
There are probably reasons I don't know about too :-)
Good luck!
Clément
Re: LUKS-encrypted root and unencrypted /boot ?, Chris Marusich, 2018/08/02