From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id cMIhFXrWFGFtKwAAgWs5BA (envelope-from ) for ; Thu, 12 Aug 2021 10:06:18 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id ZejVEHrWFGEwbwAA1q6Kng (envelope-from ) for ; Thu, 12 Aug 2021 08:06:18 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E9EDE1ACF3 for ; Thu, 12 Aug 2021 10:06:17 +0200 (CEST) Received: from localhost ([::1]:49200 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mE5jF-00030t-3W for larch@yhetil.org; Thu, 12 Aug 2021 04:06:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56118) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mE5i2-0001WM-HV for guix-patches@gnu.org; Thu, 12 Aug 2021 04:05:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54099) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mE5i1-00064u-Tt for guix-patches@gnu.org; Thu, 12 Aug 2021 04:05:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mE5i1-0007dB-Ow for guix-patches@gnu.org; Thu, 12 Aug 2021 04:05:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#49654] [PATCH] doc: Add full disc encryption guide to the cookbook Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 12 Aug 2021 08:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 49654 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: jbranso@dismail.de Cc: 49654@debbugs.gnu.org, Sarah Morgensen , rg@raghavgururajan.name Received: via spool by 49654-submit@debbugs.gnu.org id=B49654.162875546729280 (code B ref 49654); Thu, 12 Aug 2021 08:05:01 +0000 Received: (at 49654) by debbugs.gnu.org; 12 Aug 2021 08:04:27 +0000 Received: from localhost ([127.0.0.1]:37412 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mE5hS-0007cC-VL for submit@debbugs.gnu.org; Thu, 12 Aug 2021 04:04:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47222) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mE5hR-0007bx-UF for 49654@debbugs.gnu.org; Thu, 12 Aug 2021 04:04:26 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:59032) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mE5hM-0005Uq-1w; Thu, 12 Aug 2021 04:04:20 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=45076 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mE5hL-0003Vm-PH; Thu, 12 Aug 2021 04:04:19 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87pmukkqvx.fsf_-_@gnu.org> <86tukns2mc.fsf@mgsn.dev> <20210720052229.15438-1-jbranso@dismail.de> <2a373bf54c17a11a37ab8f2ca86ef07f@dismail.de> <56b97910c9bac2b0eafb40e0b70aadea@dismail.de> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 25 Thermidor an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 12 Aug 2021 10:04:17 +0200 In-Reply-To: <56b97910c9bac2b0eafb40e0b70aadea@dismail.de> (jbranso@dismail.de's message of "Thu, 12 Aug 2021 01:48:54 +0000") Message-ID: <878s17hywu.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1628755578; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=IxvK3w/Zw4KLSHtz1D2DPXKTB/1ci8nrsIdp+Y0ANCg=; b=KX1H9zbQUBs8PEKittV0Th1LfnFcdUZFKrZXJ4n9PwdPxNq/yd6eCjrO5Q0Cqt/PFEA5Um uFVzyk4Q5JGwNOFAqdC7+WXKw/2oBWob/N67A385BemsExxrdDnIxrZ5FKqRU7b7ry3z4h 7BRZ0JWtmf9i4sGIXxF20B0uPig+6RmmD3CirdaeKKiou1RzIKRkI5yo3RVC4ztH1h92bV z2S9C1Lu80czKL0S+aO6blL/rA7o5TY8SQ8Iyuims9iBAv0EeFKHfH+IvBpKeKAB0Mwpdc ZhJSIdbdAAPZ7V7IJ+ViWwEe6MWxqrO7B/mGdyPGoq2nK6BhKTf1s5E9C54FkQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1628755578; a=rsa-sha256; cv=none; b=lgup9iYMXTaLBw1kS7WoK6FPITrYwKSAfE9xcjnlGCpHTuAFCoHwrddefD85C3jis+HVrn 6grvPVEilWjXRihwG5iyLv/txHkzmwDNWR23G/xkPOUUub+5eGc2VJ4v+PhRCX7a3NAJLy X0VhdVOcNF7Mz4wEPJb2n8+TrswY4CDrg1DY4RWSgPQogwTFp+1adtk9tlEi60GDmgAkoY bPBK/Z3y/lyE+u2vYbPrrkbUbeGSpDgzs4sibTFjJ96FJID4/AUmpSEwHQ+hEofJO46rR8 OF2yEeg+aB5E2lEqm45Nckz26wZ+4xq+GOOJziUdzJ/me1sNMSvldaalVH3eoQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -2.91 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: E9EDE1ACF3 X-Spam-Score: -2.91 X-Migadu-Scanner: scn0.migadu.com X-TUID: ik/dW1rJz2ws Hello! jbranso@dismail.de skribis: > August 11, 2021 10:17 AM, "Ludovic Court=C3=A8s" wrote: [...] >> My main question would be: what do you think is not covered in the >> =E2=80=9CManual Installation=E2=80=9D section? >>=20 >> That section covers full disk encryption and other things you propose, >> such as partitioning, downloading the ISO, authenticating it, changing >> the keyboard layout, etc. > > I think that libreboot does not currently support the latest version of > encryption...or only supports LVM v1....something like that. Perhaps tho= se > "libreboot specific encryption commands" need not be in the official manu= al? Oh, right. Perhaps there could be a subsubsection next to =E2=80=9CDisk Partitioning=E2=80=9D & co. specifically about LibreBoot support? Would th= at make sense? >> From a maintenance perspective, it does not seem reasonable to maintain >> to similar pieces of documentation on these matters. From a user >> perspective, it could be confusing or downright deceiving if one of >> these two documents is out of date or erroneous. > > I'm game for that. I personally find the "Manual Installation" section=20 > slightly too terse...I've successfully installed guix encrypted before, > but I had to use the graphical installation. I have a hard time=20 > comprehending how to manually install an encrypted guix, but I also just > have a very hard time understanding new guix things too. :) If you could pinpoint specific things that are missing or too vague in that section, that=E2=80=99d be great. Of course we don=E2=80=99t want to explain too much in there because that= =E2=80=99d be too much work, so this section assumes familiarity with GNU/Linux; and overall, we want to encourage users, both newbies and seasoned GNU/Linux users, to use the installer, because it=E2=80=99s so much more convenient. > Perhaps, if the manual does not have it, we could provide an example=20 > config of an encrypted /home ? I feel like the majority of guix users > do not use libreboot, so a encrypted / is not an option for most of them. Why is it not an option? I use encrypted root without Libreboot and the installer offers that option. Thanks! Ludo=E2=80=99.