Hi Mathieu,

Mathieu Othacehe <[email protected]> writes:

[...]

> 1. No ESP partition: an ESP partition is created and the current
> default size is bumped from 550MB to something bigger like 5GB.
>
> 2. Existing ESP partition: the ESP partition is kept but resized to
> 5GB.
>
> Then, when performing a system installation, kernel and initrd are
> copied over the /boot partition and the GRUB configuration file is
> modified to point to the /boot copies instead of the /gnu/store files.
>
> The copy could be performed only if a flag is set, something like:
>
>   (bootloader (bootloader-configuration
>                 (bootloader grub-efi-bootloader)
>                 (targets '("/boot/efi"))
>                 (keyboard-layout keyboard-layout)
>                 (copy-boot-files? #t))) ;copy kernel+initrd to /boot
>
> It can also be that instead of storing kernel + initrd for every system
> generation in /boot, we pack them into UKIs[1], so that we have
> something like:
>
> /EFI/Guix/generations/{system-203.efi, system-204.efi}
>    
> What do you think of that proposal?

I think it would be good to have that as one option; but ideally I'd
prefer if we had some auto-configuration in the installer for using a
fully encrypted partition including /boot and /gnu/store that would use
a secret key baked in the initrd, like what Tomas is doing, as I don't
like to expose unencrypted boot files.

It'd be nice to improve the code that GRUB uses to do the
decryption... it's so slow that I dread the times I need to reboot my
machine ^^'.

-- 
Thanks,
Maxim
