From: ludo@gnu.org (Ludovic Courtès)
Subject: bug#21843: Generated grub.cfg does not support encrypted roots
Date: Fri, 11 Mar 2016 09:45:07 +0100
Message-ID: <87r3fh4d4c.fsf@gnu.org>
In-Reply-To: <20160310094837.GA30197@solar> (Andreas Enge's message of "Thu, 10 Mar 2016 10:48:37 +0100")
To: Andreas Enge
Cc: 21843@debbugs.gnu.org

Andreas Enge skribis:

> On Thu, Mar 10, 2016 at 10:17:46AM +0100, Ludovic Courtès wrote:
>> IIUC we don’t *have* to pass the UUID to ‘cryptomount’; we could also
>> pass the device name, in GRUB format
>
> Yes, but my idea was that the uuid is something we can determine
> at instantiation time. If the mapped device is /dev/sdd3, we can run
>    (system* "cryptsetup" "luksUUID" "/dev/sdd3")
> and obtain the uuid.

Hmm yeah, but we don’t even do that for regular partitions.

> I suppose we could also use the grub device (hd3,msdos3) in this case,
> but I do not know what is the mapping between /dev nodes and these devices,
> and if it is actually a function that could be computed from the file name
> in /dev only or not.

‘grub-probe’ should know, I think.

>>   (mapped-device
>>     (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) ;LUKS UUID
>>     (target "root")
>>     (type luks-device-mapping))
>> we’d have to extend with a method to resolve UUIDs
>> (in this case, to map a UUID to a /dev node.)
>
> We can also let the users do the work (and document this in the manual),
> by having them supply all the information:
>
> (mapped-device
>   (source "/dev/sdd3")
>   (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44") ;LUKS UUID
>   (target "root")
>   (type luks-device-mapping)
>   (needed-for-boot? #t))

I think the goal of providing a UUID is to not have to worry about the
actual device name (which could change).

The ‘needed-for-boot?’ flag should be unnecessary because it can be
inferred from corresponding file systems, as is already the case.

>> Besides, I think we should only worry about the mapped device(s) that
>> back / and /boot, rather than any mapped device, no?
>
> This could either be solved by determining which file systems have
> needed-for-boot? #t and determine the corresponding mapped devices,
> or by adding such a parameter for the mapped-device as in my suggestion
> above.
>
> Or we do it all automatically for / and /boot and drop the parameter
> needed-for-boot? everywhere.

We keep it only in ‘file-system’, I think.

Anyway, sounds like quite a bit of work here.  :-)

Ludo’.
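
An added example, not part of the original message and not Guix code: one way the "map a UUID to a /dev node" step discussed above could work, by reading the UUID field from each candidate device's LUKS header (the value `cryptsetup luksUUID` prints). The function names, the candidate list and the sample header bytes are assumptions constructed for illustration.

```python
import os
import tempfile

LUKS_MAGIC = b"LUKS\xba\xbe"        # first 6 bytes of a LUKS header
UUID_OFFSET, UUID_LENGTH = 168, 40  # NUL-padded ASCII UUID field in the header

def luks_uuid(path):
    """Return the UUID stored in PATH's LUKS header, or None if PATH is not LUKS."""
    with open(path, "rb") as dev:
        header = dev.read(UUID_OFFSET + UUID_LENGTH)
    if len(header) < UUID_OFFSET + UUID_LENGTH or not header.startswith(LUKS_MAGIC):
        return None  # truncated read or no LUKS magic: not a usable LUKS header
    raw = header[UUID_OFFSET:UUID_OFFSET + UUID_LENGTH]
    return raw.split(b"\0", 1)[0].decode("ascii", "replace").lower()

def resolve_luks_uuid(uuid, candidates):
    """Map UUID to the single candidate device whose LUKS header carries it."""
    matches = [p for p in candidates if luks_uuid(p) == uuid.lower()]
    if len(matches) > 1:
        # A byte-for-byte clone of the volume carries the same UUID; refuse to guess.
        raise ValueError(f"UUID {uuid} is ambiguous: {matches}")
    return matches[0] if matches else None

def make_sample_header(uuid):
    """Constructed input: LUKS magic, version 1, zero filler, then the UUID field."""
    head = (LUKS_MAGIC + (1).to_bytes(2, "big")).ljust(UUID_OFFSET, b"\0")
    return head + uuid.encode("ascii").ljust(UUID_LENGTH, b"\0")

def demo():
    uuid = "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"  # the UUID quoted in the thread
    with tempfile.TemporaryDirectory() as tmp:
        # Hypothetical stand-ins for /dev nodes: one LUKS, one plain, one truncated.
        luks, plain, short = (os.path.join(tmp, n) for n in ("sdd3", "sdd1", "sdd2"))
        with open(luks, "wb") as f:
            f.write(make_sample_header(uuid))
        with open(plain, "wb") as f:
            f.write(b"\0" * 4096)
        with open(short, "wb") as f:
            f.write(LUKS_MAGIC)
        found = resolve_luks_uuid(uuid.upper(), [plain, short, luks])
        return os.path.basename(found), luks_uuid(plain), luks_uuid(short)

if __name__ == "__main__":
    print(demo())
```
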