From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0 Date: Sat, 31 Dec 2016 00:52:04 +0100 Message-ID: <87inq16km3.fsf@gnu.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: (Eddie Baxter's message of "Thu, 29 Dec 2016 23:37:10 +0000") List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Eddie Baxter Cc: bug-guix@gnu.org, help-guix@gnu.org List-Id: bug-guix.gnu.org Hello! Eddie Baxter skribis: > I have attempted to install GuixSD on an encrypted root using LUKS, after > reading the release notes for 0.12.0 that implies this should now work - = My > config.scm is linked: > > https://gist.github.com/AcouBass/3a1a6ab28c17830a175dc7da95eb18cd > > I don't get any errors on installation, nor upon doing a system > reconfigure. > > At the moment I am still having to drop to a command prompt in Grub and u= se > the commands: > > insmod luks > cryptomount hd0,msdos2 The config has an unencrypted /boot and an encrypted root. What=E2=80=99s tested and known-good is a configuration with an encrypted root that contains /boot, like the one here: https://www.gnu.org/software/guix/manual/html_node/Using-the-Configuratio= n-System.html#index-encrypted-disk-1 It may be that this configuration is not correctly supported yet. I=E2=80=99m Cc=E2=80=99ing bug-guix@gnu.org so we keep track of this issue. > Which while it does work does mean I'm entering my passphrase twice > (As well as having to drop to the Grub command line!) The passphrase-twice issue seems hard to avoid: first GRUB needs to access the partition, and then the kernel needs to access it. If anyone is aware of ways to solve this, I=E2=80=99m all ears! Thanks for your report! Ludo=E2=80=99.