From: Pierre Neidhardt
To: Guillaume Le Vaillant
Cc: guix-devel@gnu.org
Subject: Re: Unencrypted boot with encrypted root
Date: Wed, 20 May 2020 11:42:14 +0200
Message-ID: <87blmjx7rd.fsf@ambrevar.xyz>

There is at least one benefit to using ZFS: encrypted subvolumes (also known as datasets).

Currently in Guix it's impossible to have a subvolume for the store and an encrypted subvolume for /home. In order to have an unencrypted root and an encrypted /home, we must put them on different _partitions_ so that we can encrypt /home with LUKS. This has the big downside of imposing a fixed size at creation time.

With ZFS, it would be possible to have an encrypted /home without encrypting /gnu/store and without fixing the size at creation time.

-- 
Pierre Neidhardt
https://ambrevar.xyz/