From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp0.migadu.com ([2001:41d0:303:e16b::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms8.migadu.com with LMTPS
	id oLN3NJcmtmWeNAEAqHPOHw:P1
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sun, 28 Jan 2024 11:04:08 +0100
Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0.migadu.com with LMTPS
	id oLN3NJcmtmWeNAEAqHPOHw
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sun, 28 Jan 2024 11:04:07 +0100
X-Envelope-To: larch@yhetil.org
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=lunabee.space header.s=purelymail2 header.b=NX4rY+IP;
	dkim=fail ("headers rsa verify failed") header.d=purelymail.com header.s=purelymail2 header.b=MEbB8jSl;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=none) header.from=gnu.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1706436247;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=UDW/MfQldkpU4tdv6AwyJCVEWKdJD5bD022usETFAEU=;
	b=gBwoK7Qknpc0HXis1O9iS9xVphGSttB3PZWmERy8VDJFYXcnkb/HrZ8THcrfS13grTGX5a
	fqC53olA5pnnUbT+Og3aWL9qDXaPRiep2vhl9ZKPnX/ENHzj1762nEQTe3peL63s5aVdQU
	7/aqBLB+5RpRQ3C8b9QM04jqd7bTuMvS8UD2yRO3r2levrpPgDHUriMVKPS8H4ZCr154zp
	Z+ONx766kGl8v/8B1G+aPHGBdgbAItWqd6WXFkgAXSRirNKsqHSa1MPXlrs4a2Sm+p4SO3
	Zej6etMqiBjTsUJ8GpCLxR3BaNp+S/C3/2834J4tpEM9J8plJLYmckaLx/f6zw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=lunabee.space header.s=purelymail2 header.b=NX4rY+IP;
	dkim=fail ("headers rsa verify failed") header.d=purelymail.com header.s=purelymail2 header.b=MEbB8jSl;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=none) header.from=gnu.org
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1706436247; a=rsa-sha256; cv=none;
	b=nR/NkcWUBBdwGtOpPmsLZz5oBTzKUHDceTmNkq0HcdydNx9sf1SyYpQbHvyp3jXxzih+ZA
	NHTIvsSu9Uhzo8EKA9zhnp8nCBCg+djXthnuV0NhVGos16HBrbn/XuljLyt4SHfCyOz0YW
	JxxFSL/g6QOn/zu3ti8dAjS/66ZKABwBMebwVvyhtXP86p2uAYISjY+CBU7Q/KB/aleuOx
	kc3sqwpRstXdHKK+AUjp8/Z/kU3Khal4b97AS5HdX8zGT3DK7Nk3XGM1oYWSwmQ5FCNhDC
	y6eD3HwnA2ENBWDj6XdsZMFTfnUIcDWYzIhUxXABaCneAy5imnXmgogqfKP/HQ==
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 8D92F398A4
	for <larch@yhetil.org>; Sun, 28 Jan 2024 11:04:07 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1rU218-0007pA-CG; Sun, 28 Jan 2024 05:03:59 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rU214-0007oU-Il
 for guix-patches@gnu.org; Sun, 28 Jan 2024 05:03:56 -0500
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rU214-0006mX-9l
 for guix-patches@gnu.org; Sun, 28 Jan 2024 05:03:54 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1rU21B-00040G-JS
 for guix-patches@gnu.org; Sun, 28 Jan 2024 05:04:01 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#68524] [PATCH v2 0/2] Support root encryption and secure boot.
References: <cover.1705465384.git.lilah@lunabee.space>
In-Reply-To: <cover.1705465384.git.lilah@lunabee.space>
Resent-From: Lilah Tascheter <lilah@lunabee.space>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sun, 28 Jan 2024 10:04:01 +0000
Resent-Message-ID: <handler.68524.B68524.170643619315249@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 68524
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 68524@debbugs.gnu.org
Cc: vagrant@debian.org, Lilah Tascheter <lilah@lunabee.space>, herman@rimm.ee,
 efraim@flashner.co.il
Received: via spool by 68524-submit@debbugs.gnu.org id=B68524.170643619315249
 (code B ref 68524); Sun, 28 Jan 2024 10:04:01 +0000
Received: (at 68524) by debbugs.gnu.org; 28 Jan 2024 10:03:13 +0000
Received: from localhost ([127.0.0.1]:56618 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1rU20P-0003xt-F0
 for submit@debbugs.gnu.org; Sun, 28 Jan 2024 05:03:13 -0500
Received: from sendmail.purelymail.com ([34.202.193.197]:38440)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lilah@lunabee.space>) id 1rU20M-0003xN-Ry
 for 68524@debbugs.gnu.org; Sun, 28 Jan 2024 05:03:12 -0500
DKIM-Signature: a=rsa-sha256;
 b=NX4rY+IPAUTbyqh3ZmURw/HhjXb/5kAkfcGmBs8e03jYOxX1wr0UdBvD65aB2M6fsU6qFkBQi6AkdubE5pulhI1Xipj4mRz5U9YSLRxfbq4oFj7wayv1TJ7JHaFwbPskB432B01Lr0z1sJNmzS1ZzC95ESlUCNsCMHvBLJg5PlkVnogeOrVfln/+yWe7OfHDKZy0tQDS3TBBNL/2jEMUjmWwUzcSvDsgYdeC297EDuvLI+3jQbXrEHYxDtDgghwaUsHoDG4hE3MpEzBIX7Ci4OZQLCVvLnoQxzde3t56JlBy1er5HSG9XeamMozK7VLvgD0jBpJZzVfxReowidcUIQ==;
 s=purelymail2; d=lunabee.space; v=1;
 bh=xqsqTPSExPhByIFkpdXF8KikRKpec9SxIlcbnU2ocYc=; h=Received:From:To:Subject; 
DKIM-Signature: a=rsa-sha256;
 b=MEbB8jSl9ygx2efF3xfmOnLHVFy1nrTnNM4Vy5H+NplvBK99cMPQEp5Bf+4JkIE+fqiSKhpfJY/VIVe6rqxRpkw6O9Wuj/gMyUN21dZghiEk7OavqRyAra3LXZXOR4Qaf4N0QSYR7inLx5zE70U8KEeXMX1mSGKcMzawGCnzU8kqeSZQf2yi+SE6Nr/uYnAFAumIH3jiHHqflIt7zWolakDMzJ49ctJhZYmx4hsdaC2fZvqqMSei6eS37Q79uJFV/Xx7TsbAkC3Qa2jMjCRV9AYI6YY/ygxQnK4DpEts8YzOY8hg/uPiTZn6Iod0/g5/hMMGSHBstRLYrRIK69Ihxg==;
 s=purelymail2; d=purelymail.com; v=1;
 bh=xqsqTPSExPhByIFkpdXF8KikRKpec9SxIlcbnU2ocYc=;
 h=Feedback-ID:Received:From:To:Subject; 
Feedback-ID: 8937:2070:null:purelymail
X-Pm-Original-To: 68524@debbugs.gnu.org
Received: by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id -1308848491; 
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
 Sun, 28 Jan 2024 10:02:47 +0000 (UTC)
Date: Sun, 28 Jan 2024 03:51:38 -0600
Message-ID: <cover.1706435500.git.lilah@lunabee.space>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by Purelymail
Content-Type: text/plain; charset=UTF-8
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
From: Lilah Tascheter via Guix-patches <guix-patches@gnu.org>
Reply-To: Lilah Tascheter <lilah@lunabee.space>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
X-Migadu-Spam-Score: -7.15
X-Migadu-Scanner: mx13.migadu.com
X-Spam-Score: -7.15
X-Migadu-Queue-Id: 8D92F398A4
X-TUID: d1u5MEhZl1XY

Thank you so much Herman, that motherfucking typo was what made my old-entr=
ies
testing not work. I reworked the majority of the install-uki.scm code, and =
now
uefi-uki-bootloader and uefi-uki-signed-bootloader support generation rollb=
ack!
Slightly jank, but it works. On install, we pretty much just cram as many
generations into the ESP as possible. ESPs are typically small, so we can't
assume that we can fit more than one UKI, so if we can't fit every extent
generation we just exit early.

We also don't waste space on root by adding each UKI to the store anymore.
They're all generated at install time. Added slightly more documentation to=
o.

Otherwise, fixed everything Herman pointed out!

Decided not to add a manual section on manually running /boot/install-uki.s=
cm
though. It's more of a quirk of getting around guix's bootloader assumption=
s
than meant to be run that way; I don't know if it's a good idea to direct
attention to it. I mean it Works, but it's more of a quick hack.

Lilah Tascheter (2):
  gnu: bootloaders: Add uki packages.
  gnu: bootloaders: Add uefi-uki-bootloader.

 doc/guix.texi                |  45 ++++++++----
 gnu/bootloader/uki.scm       | 129 +++++++++++++++++++++++++++++++++++
 gnu/local.mk                 |   1 +
 gnu/packages/bootloaders.scm |  95 ++++++++++++++++++++++++++
 4 files changed, 258 insertions(+), 12 deletions(-)
 create mode 100644 gnu/bootloader/uki.scm


base-commit: 2823253484e49391c6ba3c653a2f9e9f5e5f38ae
--=20
2.41.0