From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: Re: Libreboot + WDE + GuixSD: Need some advice Date: Wed, 12 Apr 2017 17:21:33 +0200 Message-ID: <87efwxabya.fsf@fastmail.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:59097) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cyK5V-0008QQ-L0 for help-guix@gnu.org; Wed, 12 Apr 2017 11:21:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cyK5Q-000306-Uf for help-guix@gnu.org; Wed, 12 Apr 2017 11:21:41 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:44992) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cyK5Q-0002zW-GX for help-guix@gnu.org; Wed, 12 Apr 2017 11:21:36 -0400 In-Reply-To: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Stephen Sloan , help-guix@gnu.org --=-=-= Content-Type: text/plain Stephen Sloan writes: > I am looking for some advice. > > I'm am setting up a libreboot + whole disk encryption + guixsd laptop. > Libreboot has grub in the BIOS, which allows for encrypting the whole disk. > > According to the libreboot docs, I can make the grub config available at > /boot/grub/libreboot_grub.cfg and the grub installed on the BIOS will load > and use that config file. I've installed guixsd with --no-grub, I have > libreboot installed, and the disk encrypted, now I just need to make it > bootable! Wow, cool! `guix system --no-grub` will actually build out grub.cfg in the store, just not write it to the actual bootloader configuration. So you can try to `find /gnu/store -maxdepth 1 -name '*grub.cfg'` and copy it in place. It will also print the location when running `reconfigure`: root@xbmc ~# guix system reconfigure --no-grub /etc/config.scm substitute: updating list of substitutes from 'https://mirror.hydra.gnu.org'... 100.0% The following derivation will be built: /gnu/store/dp0v27hgc93a18zva7wqnl5rl3h1yvm2-grub.cfg.drv /gnu/store/r2y4bn5p162pah9lqa3mqyplj09va65x-system /gnu/store/jnnzn804d2ss2vk7k8hxkzh07waj0x75-grub.cfg > I think I need to make the correct grub config file available at that > location whenever I reconfigure. I can manage the coding, but I'd like > hints on the best way to go about this with guix. I think making the field take a "copy-only?" option would be a decent fix for now. Currently the build code expects to run "grub-install", look into gnu/system/grub.scm and gnu/build/install.scm for starters. > There are some other options I've considered. I could reflash my BIOS as > part of the reconfiguration process. Or maybe I could chain-load two grub > installations, possibly with an unencrypted /boot. We don't have libreboot in Guix yet, but the ability to install it at reconfigure time would be nice. Sounds risky, though :) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAljuRf0ACgkQoqBt8qM6 VPpiDggAjiXqekUUWxA+2FfyG5swAU+6R/rWNGX8xdTG8hLX/Hl/JA/ERgaakHRd SQug8X1WCYrKNSlzZQFDbPQOnY+IDKMLftwBT2pKW7mafI4UaUocJ+0Cw9p4ep7L 3vEPNXuiBkur3CQAuvXepAbZ995IXIHDgsp6RhTwoStixv0EVaL0QDxFsumCWzql P7rs3ugFAQ00tIxxRGNiWqyfDlHO1kZPO9jc06nA+b1OlxwP+d5jlfqhKai1MrwX nN6mML+9kPuXp0HtmsRDIH/BxEa0MFG3QGGxTWrhYjPBxV1SPDAfh3a9vjLhIVob qjIXxPKt3rHIY0QmuGFiFtzDbHLm4A== =sNAY -----END PGP SIGNATURE----- --=-=-=--