[PATCHES] Add more modules to the base-initrd

[PATCHES] Add more modules to the base-initrd

[Mark H Weaver]

[-- Attachment #1: Type: text/plain, Size: 1241 bytes --]

I've attached two patches to add more modules to the base-initrd.

The first adds the 'hid-generic' and 'hid-apple' modules, which are
needed to allow the user's disk encryption passphrase to be entered
during early boot on a MacBook 2,1 running Libreboot.  'hid-apple' is
needed for the machine's internal keyboard, and 'hid-generic' is needed
to support an external USB keyboard on that machine.

The second patch adds the 'serpent_generic' and 'wp512' crypto modules,
which support the Serpent cipher and Whirlpool digest algorithms.  These
are needed to mount an encrypted root partition set up with the
following command:

  cryptsetup -v --cipher serpent-xts-plain64 --key-size 512
    --hash whirlpool --use-random --verify-passphrase luksFormat

This is the command suggested in the documentation recently posted here
by Petter <petter@mykolab.ch>, who runs GuixSD on Libreboot machines
with fully encrypted disks (including / and /boot), and to my knowledge
is the first person to do so.

Petter's documentation was used by Albin <albin@fripost.org> to install
GuixSD with fully encrypted disks on a MacBook 2,1 running Libreboot,
but we found that more modules needed to be added to his initrd, hence
these patches.

       Mark



[-- Attachment #2: [PATCH 1/2] linux-initrd: Add hid-generic and hid-apple to the default set of modules. --]
[-- Type: text/x-patch, Size: 1662 bytes --]

From 511bfba7541cbd396955a8f88e50c42ae60a6b34 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Fri, 22 Jan 2016 18:29:40 -0500
Subject: [PATCH 1/2] linux-initrd: Add hid-generic and hid-apple to the
 default set of modules.

Fixes keyboard of MacBook2,1 during early boot, e.g. for typing a password to
mount an encrypted root partition.

* gnu/system/linux-initrd.scm (base-initrd)[linux-modules]: Add "hid-generic"
  and "hid-apple".
---
 gnu/system/linux-initrd.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm
index b1ea637..96c64cd 100644
--- a/gnu/system/linux-initrd.scm
+++ b/gnu/system/linux-initrd.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -179,7 +180,7 @@ loaded at boot time in the order in which they appear."
     ;; Modules added to the initrd and loaded from the initrd.
     `("ahci"                                  ;for SATA controllers
       "usb-storage" "uas"                     ;for the installation image etc.
-      "usbhid"                                ;USB keyboards, for debugging
+      "usbhid" "hid-generic" "hid-apple"      ;USB keyboards, for debugging
       "dm-crypt" "xts"                        ;for encrypted root partitions
       ,@(if (string-match "^(x86_64|i[3-6]86)-" (%current-system))
             '("pata_acpi" "pata_atiixp"    ;for ATA controllers
-- 
2.6.3


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: [PATCH 2/2] linux-initrd: Add serpent_generic and wp512 to the default set of modules. --]
[-- Type: text/x-patch, Size: 1392 bytes --]

From 1aa4aa1441003d0bee4103163d29857a9682035e Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Fri, 22 Jan 2016 20:53:04 -0500
Subject: [PATCH 2/2] linux-initrd: Add serpent_generic and wp512 to the
 default set of modules.

Adds modules needed for encrypted root partitions using the Serpent cipher or
Whirlpool digest algorithms.

* gnu/system/linux-initrd.scm (base-initrd)[linux-modules]: Add
  "serpent_generic" and "wp512".
---
 gnu/system/linux-initrd.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm
index 96c64cd..45ac058 100644
--- a/gnu/system/linux-initrd.scm
+++ b/gnu/system/linux-initrd.scm
@@ -181,7 +181,7 @@ loaded at boot time in the order in which they appear."
     `("ahci"                                  ;for SATA controllers
       "usb-storage" "uas"                     ;for the installation image etc.
       "usbhid" "hid-generic" "hid-apple"      ;USB keyboards, for debugging
-      "dm-crypt" "xts"                        ;for encrypted root partitions
+      "dm-crypt" "xts" "serpent_generic" "wp512" ;for encrypted root partitions
       ,@(if (string-match "^(x86_64|i[3-6]86)-" (%current-system))
             '("pata_acpi" "pata_atiixp"    ;for ATA controllers
               "isci")                      ;for SAS controllers like Intel C602
-- 
2.6.3

Re: [PATCHES] Add more modules to the base-initrd

[Ludovic Courtès]

Mark H Weaver <mhw@netris.org> skribis:

> I've attached two patches to add more modules to the base-initrd.
>
> The first adds the 'hid-generic' and 'hid-apple' modules, which are
> needed to allow the user's disk encryption passphrase to be entered
> during early boot on a MacBook 2,1 running Libreboot.  'hid-apple' is
> needed for the machine's internal keyboard, and 'hid-generic' is needed
> to support an external USB keyboard on that machine.

Good!  I was going to do that but didn’t have time to check whether it
would cause problems on my non-Apple laptop (unlikely I guess.)  I guess
you didn’t notice any regression, right?

> The second patch adds the 'serpent_generic' and 'wp512' crypto modules,
> which support the Serpent cipher and Whirlpool digest algorithms.  These
> are needed to mount an encrypted root partition set up with the
> following command:
>
>   cryptsetup -v --cipher serpent-xts-plain64 --key-size 512
>     --hash whirlpool --use-random --verify-passphrase luksFormat
>
> This is the command suggested in the documentation recently posted here
> by Petter <petter@mykolab.ch>, who runs GuixSD on Libreboot machines
> with fully encrypted disks (including / and /boot), and to my knowledge
> is the first person to do so.

Excellent!

> Petter's documentation was used by Albin <albin@fripost.org> to install
> GuixSD with fully encrypted disks on a MacBook 2,1 running Libreboot,
> but we found that more modules needed to be added to his initrd, hence
> these patches.

Great.  I’m really happy that you’ve been working on this; it was a
glaring hole of GuixSD.

> From 511bfba7541cbd396955a8f88e50c42ae60a6b34 Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <mhw@netris.org>
> Date: Fri, 22 Jan 2016 18:29:40 -0500
> Subject: [PATCH 1/2] linux-initrd: Add hid-generic and hid-apple to the
>  default set of modules.
>
> Fixes keyboard of MacBook2,1 during early boot, e.g. for typing a password to
> mount an encrypted root partition.
>
> * gnu/system/linux-initrd.scm (base-initrd)[linux-modules]: Add "hid-generic"
>   and "hid-apple".

Please add:

  Fixes <http://bugs.gnu.org/20433>.

>      ;; Modules added to the initrd and loaded from the initrd.
>      `("ahci"                                  ;for SATA controllers
>        "usb-storage" "uas"                     ;for the installation image etc.
> -      "usbhid"                                ;USB keyboards, for debugging
> +      "usbhid" "hid-generic" "hid-apple"      ;USB keyboards, for debugging

I think ‘hid-*’ is not just USB, is it?

> From 1aa4aa1441003d0bee4103163d29857a9682035e Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <mhw@netris.org>
> Date: Fri, 22 Jan 2016 20:53:04 -0500
> Subject: [PATCH 2/2] linux-initrd: Add serpent_generic and wp512 to the
>  default set of modules.
>
> Adds modules needed for encrypted root partitions using the Serpent cipher or
> Whirlpool digest algorithms.
>
> * gnu/system/linux-initrd.scm (base-initrd)[linux-modules]: Add
>   "serpent_generic" and "wp512".

OK.

Thank you!

Ludo’.