Message ID | cover.1705465384.git.lilah@lunabee.space |
---|---|
Series | Support root encryption and secure boot. |
nah, what I meant by that is instead of entering your password while you're booted into grub, you enter it while booted into your initrd. either way nothing touches the disk.
Great, thank you for clarifying. This is awesome work. Does it mean however that Guix becomes tied to systemd in some way when this feature is used? Or is the feature sufficiently isolated that no systemd process takes place?

I've also looked briefly into this from another angle, trying to either patch GRUB or to use kexec and boot from a USB. I'm glad that you were able to do this, thanks a lot!

Regards,
Nikolaos Chatzikonstantinou
sorry for the late responses; I don't actually get sent your replies unless you cc me.

and yeah don't worry it's isolated. there's only two bits of systemd used, systemd-boot-stub and ukify. ukify is pretty much just a single python script, and systemd-boot-stub is just a bit of code tacked on to the boot process to handle combining the kernel, args, and initrd together. no daemons or code past the bootloader at all!

of note I'm currently in the process of rewriting the entire guix bootloader stack to make this work a Lot nicer. sooo hopefully that gets finished soon.
On Sat, Mar 23, 2024 at 3:40 PM Lilah Tascheter <lilah@lunabee.space> wrote:

> and yeah don't worry it's isolated. there's only two bits of systemd
> used, systemd-boot-stub and ukify. ukify is pretty much just a single
> python script, and systemd-boot-stub is just a bit of code tacked on to
> the boot process to handle combining the kernel, args, and initrd
> together. no daemons or code past the bootloader at all!
>
> of note I'm currently in the process of rewriting the entire guix
> bootloader stack to make this work a Lot nicer. sooo hopefully that
> gets finished soon.

Very exciting! I am looking forward to looking at the code.

Regards,
Nikolaos Chatzikonstantinou