From: Reza Housseini
Date: Tue, 5 Oct 2021 08:50:21 +0200
Subject: Authenticated Boot and Disk Encryption
To: guix-devel@gnu.org

Hello Guix!

I came across this blog post and was wondering what is the state of authenticated boot and encryption in Guix System?
I have this vision where you define such things in your system Guile script and everything gets configured appropriately, or at least the default setup is as secure as possible.

Thanks for any insights.

Cheers, Reza