From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp2.migadu.com ([2001:41d0:403:4876::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms8.migadu.com with LMTPS
	id SIdbDMyyz2WjcAAAe85BDQ:P1
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 16 Feb 2024 20:09:00 +0100
Received: from aspmx1.migadu.com ([2001:41d0:403:4876::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2.migadu.com with LMTPS
	id SIdbDMyyz2WjcAAAe85BDQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 16 Feb 2024 20:09:00 +0100
X-Envelope-To: larch@yhetil.org
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=lunabee.space header.s=purelymail2 header.b=S76sItgJ;
	dkim=fail ("headers rsa verify failed") header.d=purelymail.com header.s=purelymail2 header.b=AkmfcJwF;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=lunabee.space (policy=reject)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1708110459;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post:dkim-signature;
	bh=YLRZfapd8GfcXr2JJHVG1YZme/kFxyHG3yoH6cNdwoE=;
	b=lWn/HKjuwgJUTuwBWLNr7Eq6SFsw01rk2BcqOvXRvpu8x1eWlOn1OWhHAuRcqgZgRmxwYj
	inJvJW0Y0qHIf+Hlz1GM2dbswXV9ImfEFiK1Csv4skhLElG+j+7egK4kb2s2i8Fjw1gT5q
	vPhoyGJlXe6ARssRTQFuJLG39FU5E3AAKdQf06F4zodUN9nP3FWMeOA5WsEh4uZcMsAOMt
	B4sJyf/AGgicBGBm4rjLClOMqrOlreB6Ny3tdTWCLcvQ7mJfjIPRxtmH4V01TTTNx65IYI
	+VEtjeUJ4bFt8LB4kMukSy9cW6gqE7Hl+0A6TAxka7rGmILQIgYD5UPBVecq+g==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=lunabee.space header.s=purelymail2 header.b=S76sItgJ;
	dkim=fail ("headers rsa verify failed") header.d=purelymail.com header.s=purelymail2 header.b=AkmfcJwF;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=lunabee.space (policy=reject)
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1708110459; a=rsa-sha256; cv=none;
	b=nsX0Xj0jfFParMPihdED2Zypgg0gLcJyNoiYDWKuUCsRBIiLdHB9n+tHL6ghVeUl6UEmsT
	Y/XQAbuiEauSoUjFYr28AGW3TwOGQ6SrwQVTMTft/0GuFFJC87Y50iZ2qqFyb2mjl3UqFz
	pPsyVBEHWMNk+h+v0VPzdpsbPVOWFSYXlkAtLjTcyDlJQGTr+gGosVZP6nL0Ig+cxBL36a
	OmZ/Xrkv8P8VYJ7twzT2htrZWFAaYuav8x0JMcxbpBEbRGdUIfh4BDIUQ7QkTHHvM3hx5f
	jBM/eN13JElboZdLZob3gGo1QtnPPqKdPMc07G1nf2vIJIlPX+3KNsZ6kpMA+g==
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 40A5C68937
	for <larch@yhetil.org>; Fri, 16 Feb 2024 20:07:39 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces@gnu.org>)
	id 1rb3Fp-0007dc-DR; Fri, 16 Feb 2024 13:48:09 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lilah@lunabee.space>)
 id 1raWBK-000578-MG
 for guix-devel@gnu.org; Thu, 15 Feb 2024 02:29:18 -0500
Received: from sendmail.purelymail.com ([34.202.193.197])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lilah@lunabee.space>)
 id 1raWBJ-0007vv-1O
 for guix-devel@gnu.org; Thu, 15 Feb 2024 02:29:18 -0500
DKIM-Signature: a=rsa-sha256;
 b=S76sItgJi3HXv0EtUyJkMh7pkxDgGOrqrMsTx+tPKmoGqyMmbcoNY4BVqpWuSGlT+WKvKKxgCEbhxAYs+M8It+YbUSHCwjgTzORKoEiFgKZid+V3y/oTmAvPbPXExTN6P6hrGJ28aS7/9IqNqlWApW/PZqlRpvz3B1vnAL5uu0JPWKIpHKvr2sWAayr0iq85z9KDxMVitWcNkbW2YBrboTpBmn4L6Gu35k5jsaKwtKvqh2XEi0NWv87oyR/pQ4YH1fFXY6TqEf5Yc5WcJlXPgtyzXlztp7ESYNka+l4nxPOfKIxTohC3nc1iJFp8JH5BvLLK7C1cWt2UTzyQC8uafQ==;
 s=purelymail2; d=lunabee.space; v=1;
 bh=ExADKLgIglA+rW2ghJJp5swz7bQlJsIGbNdISb56sz4=; h=Received:Subject:From:To; 
DKIM-Signature: a=rsa-sha256;
 b=AkmfcJwFGfxFZoyglBFuefjzgqh51XVCZl8LLuDCyhGGcT6owOrKHKcX0Ey5Q7TCEbH1JmV4QZUST3tDkkmo8I4LFKoOk/X4xYbwIyKHPLuiEo2fZPbpNHP7f5mOHInYtxRyCiwsna+UMBict1AUlBTWNWAUksrIMkeZzmzedqQmxRShn8MBMljDhL3q0FoeTWFZc/DBblaeExM9ZCKCQXA96pKELoKPsPPuepr0btVpAWTiRjTtyNUTWe5aU6HrO+cdITK4TTwLT0ryb90w3Ef96zvbIUhCSNAEEUwwV/co+CjD54jvemuNJrqBFb9k+KA1Splskh4DJkWOP6rMaA==;
 s=purelymail2; d=purelymail.com; v=1;
 bh=ExADKLgIglA+rW2ghJJp5swz7bQlJsIGbNdISb56sz4=;
 h=Feedback-ID:Received:Subject:From:To; 
Feedback-ID: 8937:2070:null:purelymail
X-Pm-Original-To: guix-devel@gnu.org
Received: by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id 204231253; 
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
 Thu, 15 Feb 2024 07:29:06 +0000 (UTC)
Message-ID: <3cf16a155c1742eff056fc1dc3e0c31366e677ba.camel@lunabee.space>
Subject: [RFC] proposal for refactoring bootloaders
From: Lilah Tascheter <lilah@lunabee.space>
To: guix-devel@gnu.org
Cc: Hilton Chain <hako@ultrarare.space>
Organization: Dissociation for Heresiographal Computation
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Date: Thu, 15 Feb 2024 01:28:25 -0600
User-Agent: Evolution 3.46.4 
Received-SPF: pass client-ip=34.202.193.197; envelope-from=lilah@lunabee.space;
 helo=sendmail.purelymail.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Mailman-Approved-At: Fri, 16 Feb 2024 13:48:07 -0500
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: guix-devel-bounces+larch=yhetil.org@gnu.org
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
X-Migadu-Scanner: mx10.migadu.com
X-Migadu-Spam-Score: -0.61
X-Spam-Score: -0.61
X-Migadu-Queue-Id: 40A5C68937
X-TUID: hitn4P7rIUSE

hi everyone!

I've been working on submitting to mainline some bootloaders I
packaged a while ago on my channel (an efi-stub bootloader supporting
secure boot & full disk encryption and p-boot for pinephones) and came
across a good few hard points in how guix handles bootloaders. the
current system seems to have been made with only grub/extlinux-alikes
in mind, and makes working with everything else extremely cumbersome
and incompatible with generation rollbacks. before I start
making/submitting changes, I wanted to ask for opinions on the following
plan:

* merge bootloader-installer and bootloader-disk-image installer.
  almost all cases where one is used, the other is called with almost
  the exact same arguments, except for in (gnu system image), which
  provides the image itself. this should be provided in general; BIOS
  bootloaders and u-boot need to know the main disk device anyway.

* create a new bootloader-config-installer record field
  (accepting a gexp), replacing bootloader-configuration-file and
  bootloader-configuration-file-generator. it's really only
  grub/extlinux-alikes that use a single, static-path config file. uefi
  configuration involves calling efibootmgr, and p-boot needs an entire
  configuration partition. can provide a helper procedure to replicate
  current behavior, and register the gexp as a gc root to prevent gc of
  boot objects, in lieu of the current behavior.

* provide the full bootloader-configuration record to
  bootloader-installer instead of just bootloader-package. the full
  record is available every time bootloader-installer is called.

* don't provide bootloader-configuration to bootloader-config-installer.
  reinstall-bootloader (guix scripts system) regens the configuration
  without access to the full bootloader-configuration record.
  conceptually, config install should only affect the boot entries
  themselves anyway.

* change initialize-efi-partition (gnu build image) to handle any
  bootloader-installer when used, providing its partition as the target.
  also un-hardcode grub in system-disk-image (gnu system image).

* to facilitate secure boot support, add a
  bootloader-configuration-signing-keypair record field accepting a pair
  of out-of-store paths to encryption keys.

* provide generation numbers to bootloader-installer and
  bootloader-config-installer, to help with coordination between the
  procedures, and bootloader-config-installer allowing incremental
  rollbacks in bootloaders that have to copy the kernel/initrd off-root.

(thanks Hilton Chain for initial discussion on this in the uefi support
patch thread!)

- lilah