From: Lilah Tascheter via Guix-patches
Reply-To: Lilah Tascheter
To: 68524@debbugs.gnu.org
Cc: vagrant@debian.org, Lilah Tascheter, herman@rimm.ee, efraim@flashner.co.il
Subject: [bug#68524] [PATCH v2 0/2] Support root encryption and secure boot.
Date: Sun, 28 Jan 2024 03:51:38 -0600

Thank you so much Herman, that motherfucking typo was what made my
old-entries testing not work. I reworked the majority of the
install-uki.scm code, and now uefi-uki-bootloader and
uefi-uki-signed-bootloader support generation rollback! Slightly jank,
but it works.

On install, we pretty much just cram as many generations into the ESP as
possible. ESPs are typically small, so we can't assume that we can fit
more than one UKI, so if we can't fit every extant generation we just
exit early.

We also don't waste space on root by adding each UKI to the store
anymore. They're all generated at install time. Added slightly more
documentation too. Otherwise, fixed everything Herman pointed out!

Decided not to add a manual section on manually running
/boot/install-uki.scm though.
It's more of a quirk of getting around guix's bootloader assumptions
than meant to be run that way; I don't know if it's a good idea to
direct attention to it. I mean it Works, but it's more of a quick hack.

Lilah Tascheter (2):
  gnu: bootloaders: Add uki packages.
  gnu: bootloaders: Add uefi-uki-bootloader.

 doc/guix.texi                |  45 ++++++++----
 gnu/bootloader/uki.scm       | 129 +++++++++++++++++++++++++++++++++++
 gnu/local.mk                 |   1 +
 gnu/packages/bootloaders.scm |  95 ++++++++++++++++++++++++++
 4 files changed, 258 insertions(+), 12 deletions(-)
 create mode 100644 gnu/bootloader/uki.scm

base-commit: 2823253484e49391c6ba3c653a2f9e9f5e5f38ae
-- 
2.41.0