unofficial mirror of guix-patches@gnu.org 
From: Hilton Chain via Guix-patches via <guix-patches@gnu.org>
To: Lilah Tascheter <lilah@lunabee.space>
Cc: Vagrant Cascadian <vagrant@debian.org>,
	68524@debbugs.gnu.org, Herman Rimm <herman@rimm.ee>,
	Efraim Flashner <efraim@flashner.co.il>
Subject: [bug#68524] [PATCH v2 2/2] gnu: bootloaders: Add uefi-uki-bootloader.
Date: Thu, 15 Feb 2024 02:02:19 +0800
Message-ID: <87r0hegc0k.wl-hako@ultrarare.space>
In-Reply-To: <8ab5d0bc36ced87463e0e64ca367266c80bd633d.camel@lunabee.space>

Hi Lilah,

On Tue, 13 Feb 2024 15:34:55 +0800,
Lilah Tascheter wrote:
>
> > * add secure-boot-cert and secure-boot-key fields to
> >   bootloader-configuration.

How about using a pair instead of two fields?  And because the usage depends on
the bootloader, I'd like to use a generic name.

e.g. signing-keypair
 => '("/path/to/certificate" . "/path/to/private.key")

> > * deprecate configuration-file and configuration-file-generator in
> >   the bootloader struct, and instead create an install-configuration-file
> >   field, similar to install-bootloader. default procedure will be to do the
> >   current install-boot-cfg (gnu build install) using the deprecated fields.

I'd prefer ‘configuration-installer’, since the installation target may not be a
file. :)

I don't think the deprecation is necessary though, other bootloaders don't have
to duplicate this part of code, and in my opinion the following definition does
make sense.

--8<---------------cut here---------------start------------->8---
(define uefi-uki-bootloader
  (bootloader
   (name 'uefi-uki)
   (package systemd-stub)
   (installer install-uefi-uki)
   (configuration-installer install-uefi-uki-configuration)
   (configuration-file #f)
   (configuration-file-generator #f)))
--8<---------------cut here---------------end--------------->8---

> > * rework uki.scm to, instead, run efibootmgr in
> >   install-configuration-file and install the uki.efi files in install-bootloader.
> >   remove the separation between uefi-uki-signed-bootloader and
> >   uefi-uki-bootloader, instead working off the new bootloader-configuration
> >   fields.
>
> amending: also edit the bootloader-installer and bootloader-disk-image-installer
> procedures to provide the bootloader-configuration in some manner.

I agree that <bootloader> needs modifying, since unified kernel images currently
cannot be well described.  And to support proper generation switching, some
fields of <bootloader-configuration> need exposing.

As this now involves deeper change, I think it's better to post the plan on
guix-devel@gnu.org for wider visibility and potential discussions.

Thanks



