From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id gKPCCtEyAmR/mAAAbAwnHQ (envelope-from ) for ; Fri, 03 Mar 2023 18:48:01 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id yEPQCtEyAmTmJwEA9RJhRA (envelope-from ) for ; Fri, 03 Mar 2023 18:48:01 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 0590C3B702 for ; Fri, 3 Mar 2023 18:48:01 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pY9VC-0005mY-G1; Fri, 03 Mar 2023 12:47:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pY9VA-0005mJ-UG for help-guix@gnu.org; Fri, 03 Mar 2023 12:47:28 -0500 Received: from relay11.mail.gandi.net ([217.70.178.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pY9V9-00056U-3L for help-guix@gnu.org; Fri, 03 Mar 2023 12:47:28 -0500 Received: (Authenticated sender: manu@beffara.org) by mail.gandi.net (Postfix) with ESMTPSA id 6B803100006 for ; Fri, 3 Mar 2023 17:47:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=beffara.org; s=gm1; t=1677865643; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: references:references; bh=G1o6WXgzT9sbNJc85ew8CtMxedAwFZInA+dM9/+H8TE=; b=pUuQRwMMI3MQRHBgT2G+dRmWIVAnMbGtRJvTawBldd9hGTC+LjJhQySKjoZbPGMBqsVIdA X8iJYHre7/OIkjj5C3KBX51oAcOxH7lbYTst9/xDL4V0EjFvzx49ywYxcjC0By/1qLa3bp beYKqS45f7mGEITWvcxD/sE825/vtb5TMkcLXScD6dBrDp9Gy4bLoe+X6iba0VNoqpOWnH o7noUimM0fryt39pGRRQda+JZHW0nUSx7BGsG07/fYiCvXRKgmac5iQnhdyCt1ps81Cmst kW0iQwF9FVMtbEm9qWdQLlfpudXNoAObMOwDkt8M9g5IBr/4vqYWKO7YByx7xg== Date: Fri, 3 Mar 2023 18:47:20 +0100 Message-ID: <20230303184720.GG2153@beffara.org> From: Emmanuel Beffara To: help-guix@gnu.org Subject: Grub installation and configuration References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Received-SPF: none client-ip=217.70.178.231; envelope-from=manu@beffara.org; helo=relay11.mail.gandi.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1677865681; a=rsa-sha256; cv=none; b=iYhLjx0WXf4aOCbQ3BFDII5161ioeb/gOGejaooTIIXZoYRSViVZJDBf3lWxgbYuqxT0Vc Oi7gTgYH13MZmU13kF0xVpDmkcxg0PneWFblqI/CQWUuBolaE1NuxNGEJfqMzq+OA6Iqdz T1/TfTsA+W5QT6m+TX5250uJ5CEKvTnNmgz3DuadcycSXsgPYzIlj5jm+7iOwOG9azzwFF WXqwE9sKpMrjkSuzLba04h0i94VwJR0Efzuam2jnOJH/uGt0AKDmTm+/euqPa8v4cdYFvu mtu3LylMeAQigKT8s6ul9yVpbZObW+wtl6WTAKKh5aWR8kn7F6Sa3qFmqhPMAw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=beffara.org header.s=gm1 header.b=pUuQRwMM; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1677865681; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=G1o6WXgzT9sbNJc85ew8CtMxedAwFZInA+dM9/+H8TE=; b=aoZMx6xTL7OKse4bRyMjj09DFpL5tyFyLeIWbo3Iub4+wspG97KDC8tRHmKioXEQsD4o/9 v0NGW4UwvwR8wMOzGLQ0pDLhjvmubCVbQg+7q6gTlsYsnk6pcb8L/ZTqMbcTC4oS5OkWsF bfLgnXv4Cvuqvp6KUhFJfLdF2KDWS972Pv8U/wd/dbUrgY//rnAlR83+W52mWCfTjvL2+n Uz0GEoutgdlJNpVM6XY9PCVyBHv5v2AW7EGDVWxhZP7IksQ1N3s89O7X1TJQAKY/HAlk39 2V3GmSv3jNU2MEeFLhV+GxRbV7NbTAZto+LC3tpDyghK/jRwmhrg7pgequx3qg== X-Migadu-Scanner: scn1.migadu.com X-Migadu-Spam-Score: -4.21 X-Spam-Score: -4.21 X-Migadu-Queue-Id: 0590C3B702 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=beffara.org header.s=gm1 header.b=pUuQRwMM; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none X-TUID: 65fo9f73fsoD Hello again, Continuing on my adventures with installing Guix System on LVM on LUKS with Grub as bootloader, I would like to suggest a few adujstments to how Grub is installed in Guix: - Install the keymaps in the EFI partition like the Grub modules, so that the proper keymap is setup early in the boot process. In the context of full-disk encryption, this is very important because in the current state of things, one has to enter the passphrase using the default US layout before the proper keymap can be loaded from the encrypted store. One can manage working around that with a bit of training, but having to enter a passphrase with an incorrect keymap is objectively a broken behaviour. Furthermore, when the kernel later requires the passphrase again, it has to be entered in the proper layout. This is inconsistent. - Set the terminal_output before any user input is required (and in particular the passphrase request), for proper interaction. In my case, the laptop has a HiDPI display and Grub starts with a nice terminal in 3840x2160 resolution with very small characters. Not only is it unreadable, but Grub is also known to be extremely slow with high resolutions [1], which makes interaction painful. [1] https://askubuntu.com/questions/1227735/grub-is-extremely-slow-1-second-per-key-input - Offer the option to put kernels and initrds in the EFI partition (and also any resource needed by Grub like the background picture, locales etc), so that Grub can be fully functional without decrypting. Apart from solving the issue of having to enter the passphrase twice and with different keymaps, this would also allow having Guix System in an encrypted partition while allowing to boot other systems without requiring its passphrase. I would love to propose patches for that but I am too much of a beginner with Guix to be able to do that right now… -- Emmanuel