GNU bug report logs - #25305
LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: ludo@HIDDEN (Ludovic Courtès); Keywords: patch; merged with #37851; dated Fri, 30 Dec 2016 23:53:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added tag(s) patch. Request was from Miguel <rosen644835@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
Merged 25305 37851. Request was from Miguel <rosen644835@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 30 Dec 2016 23:52:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 30 18:52:20 2016
Received: from localhost ([127.0.0.1]:60722 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1cN6yC-0007tb-Cj
	for submit <at> debbugs.gnu.org; Fri, 30 Dec 2016 18:52:20 -0500
Received: from eggs.gnu.org ([208.118.235.92]:53438)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1cN6yA-0007tO-Mv
 for submit <at> debbugs.gnu.org; Fri, 30 Dec 2016 18:52:19 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1cN6y4-0001mJ-NK
 for submit <at> debbugs.gnu.org; Fri, 30 Dec 2016 18:52:13 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_40,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:53215)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <ludo@HIDDEN>) id 1cN6y4-0001m9-L0
 for submit <at> debbugs.gnu.org; Fri, 30 Dec 2016 18:52:12 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44399)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1cN6y3-0005TS-Ad
 for bug-guix@HIDDEN; Fri, 30 Dec 2016 18:52:12 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@HIDDEN>) id 1cN6xz-0001iJ-E3
 for bug-guix@HIDDEN; Fri, 30 Dec 2016 18:52:11 -0500
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36454)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1cN6xz-0001iD-AW; Fri, 30 Dec 2016 18:52:07 -0500
Received: from reverse-83.fdn.fr ([80.67.176.83]:53790 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1cN6xy-0000Mu-Kk; Fri, 30 Dec 2016 18:52:07 -0500
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Eddie Baxter <pieceredd@HIDDEN>
Subject: LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0
References: <CAOXwz5_i2-dUVeFgNfXt07zazCq1SLz6V+WGC09JLRYzUgUDRA@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 11 =?utf-8?Q?Niv=C3=B4se?= an 225 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Sat, 31 Dec 2016 00:52:04 +0100
In-Reply-To: <CAOXwz5_i2-dUVeFgNfXt07zazCq1SLz6V+WGC09JLRYzUgUDRA@HIDDEN>
 (Eddie Baxter's message of "Thu, 29 Dec 2016 23:37:10 +0000")
Message-ID: <87inq16km3.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -8.2 (--------)
X-Debbugs-Envelope-To: submit
Cc: bug-guix@HIDDEN, help-guix@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -8.2 (--------)

Hello!

Eddie Baxter <pieceredd@HIDDEN> skribis:

> I have attempted to install GuixSD on an encrypted root using LUKS, after
> reading the release notes for 0.12.0 that implies this should now work - =
My
> config.scm is linked:
>
> https://gist.github.com/AcouBass/3a1a6ab28c17830a175dc7da95eb18cd
>
> I don't get any errors on installation, nor upon doing a system
> reconfigure.
>
> At the moment I am still having to drop to a command prompt in Grub and u=
se
> the commands:
>
>   insmod luks
>   cryptomount hd0,msdos2

The config has an unencrypted /boot and an encrypted root.  What=E2=80=99s
tested and known-good is a configuration with an encrypted root that
contains /boot, like the one here:

  https://www.gnu.org/software/guix/manual/html_node/Using-the-Configuratio=
n-System.html#index-encrypted-disk-1

It may be that this configuration is not correctly supported yet.

I=E2=80=99m Cc=E2=80=99ing bug-guix@HIDDEN so we keep track of this issue.

> Which while it does work does mean I'm entering my passphrase twice
> (As well as having to drop to the Grub command line!)

The passphrase-twice issue seems hard to avoid: first GRUB needs to
access the partition, and then the kernel needs to access it.

If anyone is aware of ways to solve this, I=E2=80=99m all ears!

Thanks for your report!

Ludo=E2=80=99.




Acknowledgement sent to ludo@HIDDEN (Ludovic Courtès):
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#25305; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 1 Nov 2019 12:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.