GNU bug report logs - #49654
[PATCH] doc: Add full disc encryption guide to the cookbook

Previous Next

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: jbranso <at> dismail.de
Cc: 49654 <at> debbugs.gnu.org, Sarah Morgensen <iskarian <at> mgsn.dev>, rg <at> raghavgururajan.name
Subject: [bug#49654] [PATCH] doc: Add full disc encryption guide to the cookbook
Date: Thu, 12 Aug 2021 10:04:17 +0200

Hello!

jbranso <at> dismail.de skribis:

> August 11, 2021 10:17 AM, "Ludovic Courtès" <ludo <at> gnu.org> wrote:

[...]

>> My main question would be: what do you think is not covered in the
>> “Manual Installation” section?
>> 
>> That section covers full disk encryption and other things you propose,
>> such as partitioning, downloading the ISO, authenticating it, changing
>> the keyboard layout, etc.
>
> I think that libreboot does not currently support the latest version of
> encryption...or only supports LVM v1....something like that.  Perhaps those
> "libreboot specific encryption commands" need not be in the official manual?

Oh, right.  Perhaps there could be a subsubsection next to “Disk
Partitioning” & co. specifically about LibreBoot support?  Would that
make sense?

>> From a maintenance perspective, it does not seem reasonable to maintain
>> to similar pieces of documentation on these matters. From a user
>> perspective, it could be confusing or downright deceiving if one of
>> these two documents is out of date or erroneous.
>
> I'm game for that.  I personally find the "Manual Installation" section 
> slightly too terse...I've successfully installed guix encrypted before,
> but I had to use the graphical installation.  I have a hard time 
> comprehending how to manually install an encrypted guix, but I also just
> have a very hard time understanding new guix things too.  :)

If you could pinpoint specific things that are missing or too vague in
that section, that’d be great.

Of course we don’t want to explain too much in there because that’d be
too much work, so this section assumes familiarity with GNU/Linux; and
overall, we want to encourage users, both newbies and seasoned GNU/Linux
users, to use the installer, because it’s so much more convenient.

> Perhaps, if the manual does not have it, we could provide an example 
> config of an encrypted /home ?  I feel like the majority of guix users
> do not use libreboot, so a encrypted / is not an option for most of them.

Why is it not an option?  I use encrypted root without Libreboot and the
installer offers that option.

Thanks!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.