From: Herman Rimm via Guix-patches via <guix-patches@gnu.org>
To: Lilah Tascheter <lilah@lunabee.space>, 68524@debbugs.gnu.org
Subject: [bug#68524] [PATCH 2/2] gnu: bootloaders: Add uefi-uki-bootloader.
Date: Thu, 25 Jan 2024 11:03:57 +0100
Message-ID: <a2deufa4hfixwgtksix7nxp7d7vwnslnoimhy4fblfb3dxl5wn@umkpvt4tlpwh>
In-Reply-To: <8cad5fa9951dad5f663ca5d441db0ffc181e35fe.1705466646.git.lilah@lunabee.space>
Hello,
On Tue, Jan 16, 2024 at 10:48:11PM -0600, Lilah Tascheter wrote:
> * doc/guix.texi (Bootloader Configuration)[bootloader,targets]: Document
> uefi-uki-bootloader and uefi-uki-signed-bootloader.
> * gnu/bootloader/uki.scm: New file.
Remember to note your copyright and register new files in gnu/local.mk.
> +(define* (uefi-uki-configuration-file #:optional cert privkey)
> + (lambda* (config entries #:key (old-entires '()) #:allow-other-keys)
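
Review bot: in the `lambda*` keyword list, `old-entires` is a misspelling of `old-entries`, and because the same list carries `#:allow-other-keys`, a caller passing `#:old-entries` raises no error: the argument is dropped and `old-entires` keeps its default `'()`. Rename the keyword to `old-entries` so the entries passed by the caller reach the body.
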
old-entries got mistyped as old-entires.
> + (define (menu-entry->uki e)
> + (define stub (file-append systemd-stub "/libexec/" (systemd-stub-name)))
Can you have systemd-stub be an argument of uefi-uki-configuration-file?
> + (when (file-exists? schema)
> + (call-with-input-file schema
> + (lambda (port)
> + (for-each (lambda (l)
> + (unless (string-null? l)
> + (system* efibootmgr "-B" "-L" l)))
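
Review bot: the `system*` call inside the `for-each` discards its exit status, so a label read from `schema` that efibootmgr fails to delete is skipped silently and the stale boot entry stays in place. Check the value `system*` returns and at least warn with the label `l` that could not be removed. Passing the arguments as a list rather than through a shell is the right choice for text read from a file and should stay.
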
You can make this quiet.
> + (invoke efibootmgr "-c" "-L" label "-d" disk "-l"
Maybe this too?
> +(define install-uefi-uki
> + #~(lambda (bootloader target mount-point)
Get systemd-stub from bootloader with bootloader-package.
> + (invoke (string-append mount-point "/boot/install-uki.scm")
> + (string-append mount-point target))))
The way GRUB does it, if mount-point/boot/efi does not exist, try to
install to /boot/efi in case the ESP got mounted there. Personally, I
think it's okay to only try to install to mount-point/boot/efi.
> +(define-public uefi-uki-bootloader (make-uefi-uki-bootloader))
> +;; use ukify genkey to generate cert and privkey. DO NOT include in store.
> +(define-public (uefi-uki-signed-bootloader cert privkey)
> + (make-uefi-uki-bootloader cert privkey))
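
Review bot: the only guard on `privkey` in `uefi-uki-signed-bootloader` is the comment `DO NOT include in store`, and nothing in the procedure stops a caller from passing a file-like object such as `(local-file ...)`, which would copy the signing key into the world-readable store. Consider rejecting anything but a plain string path for `privkey`, and state the same requirement in the doc/guix.texi entry, since a source comment is not visible to users writing an operating-system declaration.
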
Can you use define instead and export the bootloaders in define-module?
I expect define-public procedures in package modules which would have to
use an export procedure with many arguments otherwise.

The install-uki.scm config file is a nice idea. It can be used to
regenerate the UKI and corresponding UEFI boot entry. Now that I think
about it, can that be included as an example? Like:

uefi-uki-bootloader installs install-uki.scm to /boot, you can use it
to (re)create the UKI manually: sudo ./install-uki.scm /boot/efi/. If
you need to chroot to an existing system on /mnt, mount efivars first:
mount --bind /sys/firmware/efi/efivars /mnt/sys/firmware/efi/efivars.
This is required for efibootmgr to (re)install the UEFI entry for the
corresponding UKI.

This bootloader has been very useful to me. I could easily chainload the
UKI from an install image GRUB, whenever I messed up the UEFI boot entry
for the EFI stub bootloader I'm working on.

Thank you,
Herman