Benjamin Slade writes:
> I mused briefly about mirroring of the relevant things (kernels, initrd)
> from /gnu/store to /boot, but that's probably pretty hack-y.
The parts of GuixSD which require maintaining state outside of the store
tend to be a little complicated (in my opinion) because they
> > Thanks, I'll look into that. For the moment I've just switched to
> > having an unencrypted root and encrypted /home partition (where the
> > swapfile also lives),
> > ...which seems to me better from a security standpoint (I can
> > use --iter 500, sha512, without an issue).
> But
Benjamin Slade writes:
> Thanks, Clément.
You're welcome!
> > > > Do you use Libreboot?
> > >
> > > Yes, I'm using Libreboot. Does this make a great difference over the
> > > manufacturer firmware in this case?
>
> > It might, because the GRUB used is the one shipped with Libreboot.
> >
Thanks, Clément.
> > > Do you use Libreboot?
> >
> > Yes, I'm using Libreboot. Does this make a great difference over the
> > manufacturer firmware in this case?
> It might, because the GRUB used is the one shipped with Libreboot.
> So it has nothing to do with Guix. I think talking to
Benjamin Slade writes:
> > Do you use Libreboot?
>
> Yes, I'm using Libreboot. Does this make a great difference over the
> manufacturer firmware in this case?
It might, because the GRUB used is the one shipped with Libreboot. So
it has nothing to do with Guix. I think talking to the
On 2018-08-02T02:24:31-0600, Chris Marusich wrote:
> > Doing a full LUKS-encryption on root, including /boot results in
> > very slow unlocking at boot (about 30 secs even with --iter set to
> > 1000). Is there any way to do an unencrypted /boot with an
> > encrypted root?
> At that
> Do you use Libreboot?
Yes, I'm using Libreboot. Does this make a great difference over the
manufacturer firmware in this case?
> I'm unsure [using an unencrypted /boot] would help, because GRUB
> would still have to unencrypt / to access the kernel (the kernel is
> in /gnu/store).
Ah, I
Benjamin Slade writes:
> Doing a full LUKS-encryption on root, including /boot results in very
> slow unlocking at boot (about 30 secs even with --iter set to 1000). Is
> there any way to do an unencrypted /boot with an encrypted root?
At that stage, is it GRUB that is unlocking the encrypted
Hello!
Eddie Baxter skribis:
> I have attempted to install GuixSD on an encrypted root using LUKS, after
> reading the release notes for 0.12.0 that implies this should now work - My
> config.scm is linked:
>
>