From: Andreas Enge
Subject: bug#21843: Generated grub.cfg does not support encrypted roots
Date: Thu, 10 Mar 2016 10:48:37 +0100
Message-ID: <20160310094837.GA30197@solar>
To: Ludovic Courtès
Cc: 21843@debbugs.gnu.org

On Thu, Mar 10, 2016 at 10:17:46AM +0100, Ludovic Courtès wrote:
> IIUC we don’t *have* to pass the UUID to ‘cryptomount’; we could also
> pass the device name, in GRUB format

Yes, but my idea was that the uuid is something we can determine at
instantiation time. If the mapped device is /dev/sdd3, we can run
   (system* "cryptsetup" "luksUUID" "/dev/sdd3")
and obtain the uuid.
I suppose we could also use the grub device (hd3,msdos3) in this case,
but I do not know what is the mapping between /dev nodes and these devices,
and if it is actually a function that could be computed from the file name
in /dev only or not.

>   (mapped-device
>     (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) ;LUKS UUID
>     (target "root")
>     (type luks-device-mapping))
> we’d have to extend with a method to resolve UUIDs
> (in this case, to map a UUID to a /dev node.)

We can also let the users do the work (and document this in the manual),
by having them supply all the information:
   (mapped-device
     (source "/dev/sdd3")
     (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44") ;LUKS UUID
     (target "root")
     (type luks-device-mapping)
     (needed-for-boot? #t))

> Besides, I think we should only worry about the mapped device(s) that
> back / and /boot, rather than any mapped device, no?

This could either be solved by determining which file systems have
needed-for-boot? #t and determine the corresponding mapped devices,
or by adding such a parameter for the mapped-device as in my suggestion
above. Or we do it all automatically for / and /boot and drop the parameter
needed-for-boot? everywhere.

Andreas
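
The step discussed in this message, turning the output of "cryptsetup luksUUID" into a ‘cryptomount’ line for grub.cfg, as an added shell example that is not part of the original e-mail and is not Guix code. The function names are hypothetical, and the dashless UUID form is an assumption based on what GRUB's own grub-mkconfig writes.

```shell
# Added example; luks_uuid_for_grub and grub_cryptomount_stanza are
# hypothetical helper names, not part of Guix or GRUB.

# Validate a LUKS UUID (canonical 8-4-4-4-12 hex form), lower-case it and
# drop the dashes. Anything else is rejected, so no stray text can end up
# in the generated grub.cfg.
luks_uuid_for_grub() {
    uuid=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case $uuid in
        *[!0-9a-f-]*) return 1 ;;                  # foreign character
        ????????-????-????-????-????????????) ;;   # 8-4-4-4-12 shape
        *) return 1 ;;
    esac
    hex=$(printf '%s' "$uuid" | tr -d '-')
    [ "${#hex}" -eq 32 ] || return 1               # dashes only as separators
    printf '%s\n' "$hex"
}

# Emit the grub.cfg lines that unlock the LUKS container before any menu
# entry tries to read the kernel from it.
grub_cryptomount_stanza() {
    hex=$(luks_uuid_for_grub "$1") || {
        echo "not a LUKS UUID: $1" >&2
        return 1
    }
    printf 'insmod luks\ncryptomount -u %s\n' "$hex"
}

# On a real system the UUID would come from:  cryptsetup luksUUID /dev/sdd3
# The UUID quoted in the message is used here so the example runs offline.
grub_cryptomount_stanza "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"
```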