In order to be able to provide decryption keys for the LUKS device, they need
to be available in the initial ram disk. However they cannot be stored inside
the usual initrd, since it is stored in the store and being a
world-readable (as files in the store are) is not a desired property for a
initrd containing decryption keys. This commit adds an option to load
additional initrd during the boot, one that is not stored inside the store and
therefore can contain secrets.
Since only grub supports encrypted /boot, only grub is modified to use the
extra-initrd. There is no use case for the other bootloaders.
* doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd
field.
* gnu/bootloader.scm (<bootloader-configuration>): Add extra-initrd field.
* gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f
This rework allows to use an (efi-bootloader-chain) like this, which is able
to boot over network or local storage, depending on whether the bootloader
target has support for symbolic links:
(operating-system
(bootloader
(bootloader-configuration
(bootloader
(efi-bootloader-chain
grub-efi-netboot-removable-bootloader
#:packages (list my-firmware-package
my-u-boot-package)
#:files (list (plain-file "config.txt"
"kernel=u-boot.bin"))
#:hooks my-special-bootloader-profile-manipulator))
(targets '("/booti/efi"))
…))
…)
* doc/guix.texi (Bootloader Configuration): Describe the new
‘grub-efi-netboot-removable-bootloader’. Mention the file names used and that
the UEFI Boot Manager is not modified. Advise to disable write-access over
TFTP.
* gnu/bootloader.scm (efi-bootloader-profile): Allow a list of packages and
collect everything directly in the profile, avoiding a separate collection
directory. Renamed the profile from "bootloader-profile" to
"efi-bootloader-profile".
[bootloader-collection]: Rename to...
[efi-bootloader-profile-hook]: ... this and remove unused modules. Do not
create the now extraneous collection directory.
(efi-bootloader-chain): Add PACKAGES and DISK-IMAGE-INSTALLER arguments.
Remove handling of the collection directory, now only calling the given
installer procedure.
* gnu/bootloader/grub.scm (make-grub-efi-netboot-installer): New helper.
(make-grub-configuration): New helper based on (grub-configuration-file). Add
a GRUB argument, fix indentation, remove previous code retrieving GRUB from
CONFIG.
(grub-configuration-file): Make use of make-grub-configuration.
(grub-efi-configuration-file): New procedure.
(grub-cfg): New variable to replace "/boot/grub/grub.cfg".
(install-grub-efi-netboot): Remove, splitting logic to...
(make-grub-efi-netboot-installer): ... this new helper procedure, as well as
to make-grub-efi-netboot, added below.
(grub-bootloader): Adjust to use the GRUB-CFG.
(grub-efi-bootloader): Likewise. Removed inheritance and declare all fields
explicitly.
(make-grub-efi-netboot-bootloader): New procedure.
(grub-efi-netboot-bootloader): Use it.
(grub-efi-netboot-removable-bootloader): New variable.
* gnu/packages/bootloaders.scm (make-grub-efi-netboot): New procedure.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
In some specific cases where the device tree file is already loaded in RAM, it
can be preferable that the bootloader does not try to use a device tree from
the Linux kernel tree.
* gnu/bootloader.scm (<bootloader-configuration>)[device-tree-support?]: New field.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Add FDTDIR line
based on <device-tree-support?> field of <bootloader-configuration>.
* doc/guix.texi (Bootloader Configuration)[device-tree-support?]: Add
documentation for the new field.
Previously, menu-entry->sexp didn't try to convert `device` to a
proper sexp, which was inserted directly into the boot parameters
G-exp, leading to a G-exp input error. Now convert both uuid and
file-system-label possibilities to sexps, and add parsing code to
sexp->menu-entry. This fixes#57307.
* gnu/bootloader.scm (menu-entry->sexp, sexp->menu-entry): Take
non-string devices into account.
Signed-off-by: Marius Bakke <marius@gnu.org>
This follows up on commit 8a0e1bb12b.
* gnu/bootloader.scm: Don't export
bootloader-configuration-additional-configuration, which no longer
exists.
Reported by muradm in #guix.
* gnu/bootloader.scm (%warn-target-field-deprecation): Remove it.
* gnu/bootloader.scm (warn-target-field-deprecation): Use
define-with-syntax-properties.
* gnu/system.scm (ensure-setuid-program-list): Ditto. Also rename the
'location' variable to 'properties'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to 2ca982ff41.
* gnu/bootloader.scm (warn-target-field-deprecation): New macro.
(<bootloader-configuration>)[target]: Add 'sanitize' property.
(%warn-target-field-deprecation): New procedure.
(bootloader-configuration-target): Define using 'define-deprecated'.
(bootloader-configuration-targets): Use
'%bootloader-configuration-target' rather than the deprecated one.
Fixes <https://issues.guix.gnu.org/40997>.
* gnu/bootloader.scm (<bootloader-configuration>): New 'targets' field.
(%bootloader-configuration-target): New procedure.
(bootloader-configuration-target): Add deprecation warning.
(bootloader-configuration-targets): New procedure.
* guix/scripts/system.scm (install): Access targets via
bootloader-configuration-targets.
(perform-action)[bootloader-target]: Remove unused argument and update doc.
Access targets via bootloader-configuration-targets and fix indentation.
(process-action): Access targets via bootloader-configuration-targets.
Do not provide the unused BOOTLOADER-TARGET argument when applying
`perform-action'.
* guix/scripts/system/reconfigure.scm (install-bootloader-program): Rename
DEVICE argument to DEVICES. Adjust doc and comment. Apply `installer' and
`disk-installer' for every DEVICES.
(install-bootloader): Access targets via bootloader-configuration-targets and
rename variable from DEVICE to DEVICES.
* gnu/tests/install.scm: Adjust accordingly.
* tests/guix-system.sh: Likewise.
* gnu/tests/reconfigure.scm (run-install-bootloader-test): Adjust the DEVICES
argument so that it is a list.
* doc/guix.texi: Update doc.
* gnu/bootloader.scm (efi-bootloader-profile): New function.
(efi-bootloader-chain): New function.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/bootloader.scm (<bootloader>)[disk-image-installer]: New field,
(bootloader-disk-image-installer): export it.
* gnu/bootloader/grub.scm (install-grub-disk-image): New procedure ...
(grub-bootloader): ... used as "disk-image-installer" here.
(grub-efi-bootloader): set "disk-image-installer" to #f.
* gnu/system/image.scm (root-partition?, find-root-partition): Move to
"Helpers" section.
(root-partition-index): New procedure.
(system-disk-image): Honor disk-image-installer, and
use it to install the bootloader directly on the disk-image, if supported.
This allows us to keep track of the extra menu entries specified in the
OS configuration.
* gnu/system.scm (<boot-parameters>)[bootloader-menu-entries]: New field.
(read-boot-parameters): Initialize it.
(operating-system-boot-parameters): Likewise.
(operating-system-boot-parameters-file): Serialize it.
* gnu/bootloader.scm (menu-entry->sexp, sexp->menu-entry): New
procedures.
* gnu/bootloader/grub.scm (keyboard-layout-file): New procedure.
(grub-configuration-file)[keyboard-layout-file]: New variable.
[builder]: Use it.
* gnu/bootloader.scm (<bootloader-configuration>)[keyboard-layout]: New
field.
* doc/guix.texi (Bootloader Configuration): Document it.
Co-authored-by: nee <nee-git@hidamari.blue>
The 'device' field had been deprecated in commit
045ebb3e58 (August 2017).
* gnu/bootloader.scm (<bootloader-configuration>)[device]: Remove.
[target]: Change getter to 'bootstrap-configuration-target'.
(bootstrap-configuration-target): Remove.
This reduces the closure of (guix discovery) from 28 to 8 modules.
* guix/discovery.scm (scheme-files): Use 'format' instead of 'warning'.
(scheme-modules): Add #:warn parameter. Use it instead of
'warn-about-load-error'.
(fold-modules): Add #:warn and pass it to 'scheme-modules'.
(all-modules): Likewise.
* gnu/bootloader.scm (bootloader-modules): Pass #:warn to 'all-modules'.
* gnu/packages.scm (fold-packages): Likewise.
* gnu/services.scm (all-service-modules): Likewise.
* guix/upstream.scm (importer-modules): Likewise.
* gnu/bootloader.scm (<bootloader-configuration>): Deprecate "device" field in
favor of "target" field. This is mostly a renaming but also a generalization
to support UEFI targets being paths to a mounted partition instead of a device
name.
* gnu/system/examples/bare-bones.tmpl:
* gnu/system/examples/desktop.tmpl:
* gnu/system/examples/lightweight-desktop.tmpl:
* gnu/system/examples/vm-image.tmpl:
* gnu/system/install.scm:
* gnu/tests.scm:
* gnu/tests/install.scm:
* gnu/tests/nfs.scm:
* tests/system.scm: Adapt all invocations of bootloader-configuration.
* guix/scripts/system.scm (perform-action): Rename device argument to
bootloader-target.
(process-action): Adapt caller.
* doc/guix.texi (Proceeding with the Installation):
* doc/guix.texi (Bootloader Configuration): Update documentation.
* gnu/bootloader.scm (menu-entry-device-mount-point): New variable. Export it.
(<menu-entry>: New field "device".
* gnu/bootloader/grub.scm (grub-confgiuration-file): Handle <menu-entry>
entries.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Handle
<menu-entry> entries.
* gnu/system.scm (menu->entry->boot-parameters): Delete variable.
(boot-parameters->menu-entry): New variable. Export it.
(operating-system-bootcfg): Make OLD-ENTRIES a list of <menu-entry>.
* guix/script/system.scm (reinstall-bootloader): Fix bootcfg usage.
(perform-action): Fix bootcfg usage.
* gnu/bootloader.scm (<menu-entry>): New variable. Export associated getters,
This record is extracted from grub module.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Use
menu-entry->boot-parameters to convert menu-entry records to
boot-parameters.
* gnu/bootloader/grub.scm (<menu-entry>): Remove.
(boot-parameters->menu-entry): Remove.
(grub-configuration-file): Use boot-parameters to create configuration
entries.
* gnu/system.scm (menu-entry->boot-parameters): New exported procedure.
* gnu/bootloader.scm: New file.
* gnu/bootloader/extlinux.scm: New file.
* gnu/bootloader/grub.scm: New file.
* gnu/local.mk: Build new files.
* gnu/system.scm: Adapt to new bootloader api.
* gnu/scripts/system.scm: Adapt to new bootloader api.
* gnu.scm: Remove (gnu system grub) and replace by (gnu bootloader) and (gnu
bootloader grub) modules.
* gnu/system/grub.scm: Moved content to gnu/bootloader/grub.scm.
* gnu/system/vm: Replace (gnu system grub) module by (gnu bootloader).
* gnu/tests.scm: Ditto.
* gnu/tests/nfs.scm: Ditto.
Tomas Volf
Ludovic Courtès
Stefan
tiantian
Mathieu Othacehe
Reza Alizadeh Majd
Josselin Poiret
Tobias Geerinckx-Rice
Maxim Cournoyer
Jan (janneke) Nieuwenhuizen
Andy Wingo
Danny Milosavljevic
Mathieu Othacehe