From: Giovanni Biscuolo
To: Josselin Poiret, Lars-Dominik Braun, 55723@debbugs.gnu.org
Subject: bug#55723: Full disk encryption with grub-efi and LUKS2
Date: Thu, 02 Jun 2022 15:44:26 +0200
Organization: Xelera.eu
Message-ID: <87zgiv5ged.fsf@xelera.eu>
In-Reply-To: <87fskqgew4.fsf@jpoiret.xyz>
References: <87fskqgew4.fsf@jpoiret.xyz>
List-Id: Bug reports for GNU Guix

Hello Josselin and Lars-Dominik

Josselin Poiret via Bug reports for GNU Guix writes:

[...]

>> Supposedly there are also patches for grub-mkimage, but maybe we can
>> include a workaround like the above by default until then or remove the
>> section about LUKS2 entirely?
>
> Thank you for posting this bug and sorry for taking so long with this.
> I'd suggest that we instead add a warning that `/boot/` must be
> unencrypted for LUKS2+GRUB to work for now, possibly pointing to this
> bug.

As Josselin wrote in the proposed patch, actually /boot/ on LUKS1 is
working well.

In case it is helpful, it's possible to "Downgrade" a LUKS2 volume to
LUKS1, I found this guide useful:
https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

[...]

> to include. My approach at [1] is to ask device-mapper directly, but
> there are also other patches trying various other methods, and the
> consensus now seems to be that each patch does one thing well and that
> we should combine all of the good parts.

Thank you very much for the update and the work on GRUB!

Please is there any upstream (GRUB) bug report we can point to in this
one so we can follow the situation and know when upstream will release
the patch?

[...]

Happy hacking!
Gio'

-- 
Giovanni Biscuolo
Xelera IT Infrastructures