#673 Can't load fully encrypted Guix System

Open
opened 2 months ago by loaf_of_bread · 0 comments

Hi, I've tried installing encrypted Guix System 1.0.1 on a librebooted (20160907) ThinkPad T60 using both the GUI installer and manual installation as described here: https://libreboot.org/docs/gnulinux/guix_system.html but after finishing the installation, "Load Operating System (incl. fully encrypted disks)" fails - only a blank page with the artwork is visible and it does nothing. Installing without encryption worked.

Tried booting the system in the following way from GRUB's command line:

```
cryptomount (ahci0,gpt1)
# here it successfully unencrypted the disk
set root=(crypto0)
# then I loaded linux and initrd like this
linux /gnu/store/k5fb8v0ncjgml6sifni27qv81pjwmw9k-linux-libre-5.2.9/bzImage
initrd /gnu/store/5grsm4yaacg892gjvfby1y3awrvjbnlr-raw-initrd/initrd.cpio.gz
boot
```

The kernel successfully booted, the Shepherd (init) too, the system didn't but that's not the point, I know why it didn't - I've checked what a grub.cfg on an unencrypted Guix System installation should look like and it should look something like this:

```
menuentry "GNU with Linux-Libre 5.2.9" {
  search --fs-uuid --set 6b3ca930-f5fc-4885-af5a-6d596788629f
  linux /gnu/store/k5fb8v0ncjgml6sifni27qv81pjwmw9k-linux-libre-5.2.9/bzImage --root=6b3ca930-f5fc-4885-af5a-6d596788629f --system=/gnu/store/1l0sm6zybvkaggl46arnn0q8rfarx0qj-system --load=/gnu/store/1l0sm6zybvkaggl46arnn0q8rfarx0qj-system/boot quiet
  initrd /gnu/store/5grsm4yaacg892gjvfby1y3awrvjbnlr-raw-initrd/initrd.cpio.gz
}
```

The problem is those hashes before the folder name are sums generated from package content, which means every time Linux-libre or initrd packages are updated or built, a new hash is generated. So even if I manually added GRUB config like above to boot the system, running commands like "guix package -u", "guix pull" or "sudo guix system reconfigure" would make the system unable to boot. Usually Guix System changes GRUB configuration every time you run "guix system reconfigure", but on a computer using Libreboot, it doesn't seem to be an option. Having completion in GRUB as in BASH would solve the problem, but after reading GRUB's documentation for a few days, I'm not really sure if it provides such a feature. If it provided the feature, you could just use something like this:

```
menuentry "GNU with Linux-Libre 5.2.9" {
  search --fs-uuid --set 6b3ca930-f5fc-4885-af5a-6d596788629f
  linux /gnu/store/*-linux-libre-5.2.9/bzImage --root=6b3ca930-f5fc-4885-af5a-6d596788629f --system=/gnu/store/*-system --load=/gnu/store/*-system/boot quiet
  initrd /gnu/store/*-raw-initrd/initrd.cpio.gz
}
```

But I'm not a GRUB specialist, so I don't know. Also don't know what would happen with parallel system definitions - Guix System allows rolling back to previous system definitions, by having many menu entries "GNU system, old configurations..."

Sorry if it's a wrong place to submit this issue/bug, don't know if it belongs here or should it be posted on GRUB's or Guix's mailing list.

P.S. There's an error in the guide - the system definition contains a btrfs partition and making a swapfile fails, because btrfs already has built-in support for swap. That's probably a leftover from a previous version, where there was an ext4 filesystem, but the author of this guide has changed it to btrfs.
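
An added example, not part of the original issue and not Guix or Libreboot code: a Python check for the failure mode described above, run against a mounted (unlocked) root to find grub.cfg entries whose pinned store hashes no longer exist, and `*` patterns that would match several kept generations. The names `audit_grub_cfg` and `demo` are hypothetical, and the store tree and all-digit hashes in `demo` are constructed.

```python
import re, tempfile
from pathlib import Path

# /gnu/store/<32-char hash or '*'>-<name>[/sub/path], as in the entries above.
STORE_REF = re.compile(r"/gnu/store/((?:[0-9a-z]{32}|\*)-[^/\s]+)(/\S*)?")

def audit_grub_cfg(cfg_text, fs_root):
    """Check each /gnu/store reference in a grub.cfg against a mounted root.

    Returns (line_no, reference, status); status is "ok" (one match on disk),
    "stale" (no match) or "ambiguous:N" (a '*' pattern matching N items).
    """
    store = Path(fs_root) / "gnu" / "store"
    findings = []
    for line_no, line in enumerate(cfg_text.splitlines(), 1):
        for m in STORE_REF.finditer(line):
            item, sub = m.group(1), (m.group(2) or "").lstrip("/")
            candidates = store.glob(item) if item.startswith("*") else [store / item]
            hits = sum(1 for p in candidates if (p / sub).exists())
            status = "stale" if hits == 0 else "ok" if hits == 1 else f"ambiguous:{hits}"
            findings.append((line_no, m.group(0), status))
    return findings

def demo():
    """Constructed scenario: store contents after a reconfigure replaced the kernel."""
    old, new = "k5fb8v0ncjgml6sifni27qv81pjwmw9k", "0" * 32  # 'new' is a made-up hash
    cfg = "\n".join([
        f"linux /gnu/store/{old}-linux-libre-5.2.9/bzImage quiet",  # pinned hash
        "linux /gnu/store/*-linux-libre-5.2.9/bzImage "
        "--system=/gnu/store/*-system",                              # wildcard form
    ])
    with tempfile.TemporaryDirectory() as root:
        store = Path(root, "gnu", "store")
        (store / f"{new}-linux-libre-5.2.9").mkdir(parents=True)
        (store / f"{new}-linux-libre-5.2.9" / "bzImage").touch()
        for gen in ("1" * 32, "2" * 32):  # two system generations kept for rollback
            (store / f"{gen}-system").mkdir()
        return [status for _, _, status in audit_grub_cfg(cfg, root)]

if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the pinned kernel path is stale, the kernel wildcard resolves to one item, and the `*-system` pattern matches both generations.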
