From: Clément Lassieur
Subject: Re: LUKS-encrypted root and unencrypted /boot ?
Date: Fri, 03 Aug 2018 20:53:40 +0200
To: Benjamin Slade
Cc: help-guix@gnu.org

Benjamin Slade writes:

> > Do you use Libreboot?
>
> Yes, I'm using Libreboot. Does this make a great difference over the
> manufacturer firmware in this case?

It might, because the GRUB used is the one shipped with Libreboot. So
it has nothing to do with Guix. I think talking to the Libreboot people
would help you more.

(Disclaimer: I have the same issue, I find that pressing 'c' and typing
'cryptomount ahci0,gpt3' makes the process faster.)

> > I'm unsure [using an unencrypted /boot] would help, because GRUB
> > would still have to unencrypt / to access the kernel (the kernel is
> > in /gnu/store).
>
> Ah, I see. Is this an immutable design decision? It would seem good to
> be able to keep the kernel in a separate space in order to avoid the
> issue of extremely long unlocking times when booting.

Nothing is immutable, but it's a strong design decision that all
packages' data are put in /gnu/store. Linux is just one of them.

Plus, a characteristic of GuixSD is that you can revert to previous
configurations. Those configurations appear as GRUB lines. Each
configuration could have a different kernel and kernels take space, so
it wouldn't scale well.

Plus, I think some other stuff is needed as well, like the initrd, which
is large too, etc.

There are probably reasons I don't know about too :-)

Good luck!
Clément