Jakub Kądziołka <kuba@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Tobias Geerinckx-Rice <me@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Tobias Geerinckx-Rice <me@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at 38924) by debbugs.gnu.org; 4 Jan 2020 19:56:49 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 04 14:56:49 2020 Received: from localhost ([127.0.0.1]:43419 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1inpXV-0003uc-F9 for submit <at> debbugs.gnu.org; Sat, 04 Jan 2020 14:56:49 -0500 Received: from tobias.gr ([80.241.217.52]:37916) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@HIDDEN>) id 1inpXT-0003uR-B9 for 38924 <at> debbugs.gnu.org; Sat, 04 Jan 2020 14:56:48 -0500 Received: by tobias.gr (OpenSMTPD) with ESMTP id 115d7668; Sat, 4 Jan 2020 19:56:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:cc :subject:references:in-reply-to:date:message-id:mime-version :content-type; s=2018; i=me@HIDDEN; bh=OHPr46pc88MzGTHarT+aVE DyQ6f6wFU2GDJuXu1GGTg=; b=GPJt4pyFYuWLsZPbrRF5nmjyBDlldkzIeMaOLT BoX+2NMSNfjLMe2vOcCCk9/d/mYt90nF8iRu7F3+rqApZ9A0F6Piw5uav9KpdfVN sEut01+59N7tMoz0G7MALgFsxMH69xgT/NQXUVJ6Pci9SkqzwYG/TNeGfdAdtKVf thFgOhwN0WFY970CAh1pUgMJhJpCxSvDZ4EW0Uu5FFDD8M0JqWL6a0deGXQw3gPo zbJAyXHqaKnFVClTJCgbDmqyB3AD2ECHPuVqKItPfjv5H4vVSAXsgeX7VsFWBADN rFjvQffi3m4rIZ7cpSbcQPiy4Js1pDz1w2nS4Vjpjsq2Q5Dw== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 901d9d8a (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sat, 4 Jan 2020 19:56:45 +0000 (UTC) From: Tobias Geerinckx-Rice <me@HIDDEN> Subject: Re: bug#38924: Encrypted root volume requires passphrase twice on boot References: <87pnfznhsw.fsf@HIDDEN> In-reply-to: <87pnfznhsw.fsf@HIDDEN> Date: Sat, 04 Jan 2020 20:56:44 +0100 Message-ID: <87woa73shv.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -1.1 (-) X-Debbugs-Envelope-To: 38924 Cc: Jakub =?utf-8?B?S8SFZHppb8WCa2E=?= <kuba@HIDDEN>, 38924 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.1 (--) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Matthew, Matthew Leach =E5=86=99=E9=81=93=EF=BC=9A > I've setup guix on two machines each one of them with an=20 > encrypted root > partition. However, on boot I'm prompted for my passphrase=20 > twice, once > before the grub menu is shown and second after Linux has started=20 > and > launched guile as init. Unfortunately, this is expected. GRUB needs to decrypt the volume to load the Linux-Libre kernel=20 and initrd, and there's no agreed-upon secure way for GRUB to pass=20 the passphrase or key to the kernel/initrd. So you're prompted=20 for it again when the volume is actually mounted by the kernel. > I would expect to have to only enter my passphrase once per=20 > boot. Most distributions hack around this limitation by including the=20 unencrypted LUKS key in the initrd on the encrypted volume itself.=20 Guix doesn't currently have any code to do the same. This has been a problem for years but, by sheer coincidence, Jakub=20 K=C4=85dzio=C5=82ka (CC'd) mentioned that this was on their to-do list for= =20 next week. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfo+u0AlEeO9y5k0W2Imw8BjFSTwFAl4Q7fwACgkQ2Imw8BjF STzz1BAAmRKTo4BglQMeIPAO3CPGC3QI12JVHztTubwJk2GgmRR2uTAXiGPG+Dxu mmC/vabmqthHJBxT8hcHo6FqA3cX0zeEj4Y9c6R1JOQkawGY2ccceVXL7hkdVPN7 PXDUDjxk10oTSMU4Fb5TTM1Bu73otx10qy5nwj3KemSgVbHGxA1cGg+qlqG7N+9s tikpUZPx35Yforitle2OuoX7LVxmQ5xhrk3e/DnoWgqeS/h803Brmqppkbxxj3dC XBkJuXfMdj5cYleYqKWcluE2n0DFDNZTqwLNM0RrV1dea+lI8BY6oYjO+iWEUKnq H+ycZ1tr/FgymPDhJkEA1SUmeWSGb+yjiBbsrtRFAElztqxNQ/SbSe92+ZfXIp+Q tjqAJ+qlJDdx7ZtIfoSmsI0RuMw8fmy8ReKWrEKuCbuhNIFc82BCmhQYZCU/Emdg VOI/6U1DglFMQgD8DPF3Y64xz7LwJf1SEfwovSNxAqT0yYbs9HHCFpm/UHheiu8/ xnHfjfYGqC0zG5XkAd4oP5OAt/G2x/CU6kB6BhWBwuXULSxSZZQfgHl3sZzKgbKv Vvbd7G98atH0o/UlqKA8LEUFso1wZrkEWiaMGD+I5rQGKVBh8lRo8MZ+SPW9TJVG tEsFRR57Zmb8CbDnaaKo063aktmfG8Ms/a0a55U5UhR4kFHjq+Y= =hlQl -----END PGP SIGNATURE----- --=-=-=--
bug-guix@HIDDEN
:bug#38924
; Package guix
.
Full text available.Received: (at submit) by debbugs.gnu.org; 4 Jan 2020 19:27:35 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 04 14:27:35 2020 Received: from localhost ([127.0.0.1]:43394 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1inp5D-00036P-16 for submit <at> debbugs.gnu.org; Sat, 04 Jan 2020 14:27:35 -0500 Received: from lists.gnu.org ([209.51.188.17]:34157) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <matthew@HIDDEN>) id 1inp5A-00036H-PU for submit <at> debbugs.gnu.org; Sat, 04 Jan 2020 14:27:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:39091) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <matthew@HIDDEN>) id 1inp59-0006p0-IX for bug-guix@HIDDEN; Sat, 04 Jan 2020 14:27:32 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <matthew@HIDDEN>) id 1inp58-0006Lo-Ih for bug-guix@HIDDEN; Sat, 04 Jan 2020 14:27:31 -0500 Received: from mx0.mattleach.net ([176.58.118.143]:56992) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <matthew@HIDDEN>) id 1inp58-0006JH-Ci for bug-guix@HIDDEN; Sat, 04 Jan 2020 14:27:30 -0500 Received: by mx0.mattleach.net (Postfix, from userid 99) id 6600A61C91; Sat, 4 Jan 2020 19:27:29 +0000 (GMT) Received: from troi.mattleach.net (92.40.248.146.threembb.co.uk [92.40.248.146]) by mx0.mattleach.net (Postfix) with ESMTPSA id A8C8061C21 for <bug-guix@HIDDEN>; Sat, 4 Jan 2020 19:27:28 +0000 (GMT) From: Matthew Leach <matthew@HIDDEN> To: bug-guix@HIDDEN Subject: Encrypted root volume requires passphrase twice on boot User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) Date: Sat, 04 Jan 2020 19:27:27 +0000 Message-ID: <87pnfznhsw.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 176.58.118.143 X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.4 (--) Hi Guix! I've setup guix on two machines each one of them with an encrypted root partition. However, on boot I'm prompted for my passphrase twice, once before the grub menu is shown and second after Linux has started and launched guile as init. I would expect to have to only enter my passphrase once per boot. Regards, -- Matt
Matthew Leach <matthew@HIDDEN>
:bug-guix@HIDDEN
.
Full text available.bug-guix@HIDDEN
:bug#38924
; Package guix
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.