GNU bug report logs - #25305
LUKS-encrypted root and unencrypted /boot with GuixSD 0.12.0


Package: guix

Reported by: ludo <at> gnu.org (Ludovic Courtès)

Date: Fri, 30 Dec 2016 23:53:01 UTC

Severity: normal

Tags: patch

Merged with 37851

Done: Miguel Ángel Arruga Vivas <rosen644835 <at> gmail.com>

Bug is archived. No further changes may be made.



Message #21 received at 25305 <at> debbugs.gnu.org (full text, mbox):

From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
Cc: 25305 <at> debbugs.gnu.org
Subject: Re: bug#25305: LUKS-encrypted root and unencrypted /boot with
 GuixSD 0.12.0
Date: Wed, 18 Nov 2020 17:54:21 +0100
On Mon, 16 Nov 2020 18:56:56 +0100
Jonathan Brielmaier <jonathan.brielmaier <at> web.de> wrote:

> We have now pretty good LUKS support, but I don't know if we support
> this use case. I always have `/boot` encrypted as well...

Unencrypted /boot and encrypted / is necessary to be able to use Heads
(right now).

(It measures /boot in order to find out whether it has been tampered with or
not)

If you want to be able to boot on a Heads system, either Heads needs to be
modified to mount encrypted / , or there needs to be an unencrypted /boot.

This bug report was last modified 4 years and 153 days ago.
