system: Allow separated /boot and encrypted root.

* gnu/bootloader/grub.scm (grub-configuration-file): New parameter store-crypto-devices. [crypto-devices]: New helper function. [builder]: Use crypto-devices. * gnu/machine/ssh.scm (roll-back-managed-host): Use boot-parameters-store-crypto-devices to provide its contents to the bootloader configuration generation process. * gnu/tests/install.scm (%encrypted-root-not-boot-os, %encrypted-root-not-boot-os): New os declaration. (%encrypted-root-not-boot-installation-script): New script, whose contents were initially taken from %encrypted-root-installation-script. (%test-encrypted-root-not-boot-os): New test. * gnu/system.scm (define-module): Export operating-system-bootoader-crypto-devices and boot-parameters-store-crypto-devices. (<boot-parameters>): Add field store-crypto-devices. (read-boot-parameters): Parse store-crypto-devices field. [uuid-sexp->uuid]: New helper function extracted from device-sexp->device. (operating-system-bootloader-crypto-devices): New function. (operating-system-bootcfg): Use operating-system-bootloader-crypto-devices to provide its contents to the bootloader configuration generation process. (operating-system-boot-parameters): Add store-crypto-devices to the generated boot-parameters. (operating-system-boot-parameters-file): Likewise to the file with the serialized structure. * guix/scripts/system.scm (reinstall-bootloader): Use boot-parameters-store-crypto-devices to provide its contents to the bootloader configuration generation process. * tests/boot-parameters.scm (%default-store-crypto-devices): New variable. (%grub-boot-parameters, test-read-boot-parameters): Use %default-store-crypto-devices. (tests store-crypto-devices): New tests.
author: Miguel Ángel Arruga Vivas <rosen644835@gmail.com> 2020-12-21 13:02:01 +0100
committer: Miguel Ángel Arruga Vivas <rosen644835@gmail.com> 2020-12-21 18:41:11 +0100
commit: f00e68ace070fd5240a4b5874e61c26f6e909b6c (patch)
tree: bc24d20c57d7f979c62707496cdb4f8bff3adfcc /gnu/bootloader
parent: 0127e683f4b701cde6a4869cd0db9618dd5332ee (diff)
download: guix-f00e68ace070fd5240a4b5874e61c26f6e909b6c.tar.gz
1 files changed, 20 insertions, 1 deletions
diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index af7b7561ff..29c81ae641 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017, 2020 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2019, 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
-;;; Copyright © 2019 Miguel Ángel Arruga Vivas <rosen644835@gmail.com>
+;;; Copyright © 2019, 2020 Miguel Ángel Arruga Vivas <rosen644835@gmail.com>
 ;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2020 Stefan <stefan-guix@vodafonemail.de>
 ;;;
@@ -359,11 +359,14 @@ code."
                                   (locale #f)
                                   (system (%current-system))
                                   (old-entries '())
+                                  (store-crypto-devices '())
                                   store-directory-prefix)
   "Return the GRUB configuration file corresponding to CONFIG, a
 <bootloader-configuration> object, and where the store is available at
 STORE-FS, a <file-system> object.  OLD-ENTRIES is taken to be a list of menu
 entries corresponding to old generations of the system.
+STORE-CRYPTO-DEVICES contain the UUIDs of the encrypted units that must
+be unlocked to access the store contents.
 STORE-DIRECTORY-PREFIX may be used to specify a store prefix, as is required
 when booting a root file system on a Btrfs subvolume."
   (define all-entries
@@ -411,6 +414,21 @@ menuentry ~s {
                   (string-join (map string-join '#$modules)
                                "\n  module " 'prefix))))))
 
+  (define (crypto-devices)
+    (define (crypto-device->cryptomount dev)
+      (if (uuid? dev)
+          #~(format port "cryptomount -u ~a~%"
+                    ;; cryptomount only accepts UUID without the hypen.
+                    #$(string-delete #\- (uuid->string dev)))
+          ;; Other type of devices aren't implemented.
+          #~()))
+    (let ((devices (map crypto-device->cryptomount store-crypto-devices))
+          ;; XXX: Add luks2 when grub 2.06 is packaged.
+          (modules #~(format port "insmod luks~%")))
+      (if (null? devices)
+          devices
+          (cons modules devices))))
+
   (define (sugar)
     (let* ((entry (first all-entries))
            (device (menu-entry-device entry))
@@ -474,6 +492,7 @@ keymap ~a~%" #$keymap))))
                   "# This file was generated from your Guix configuration.  Any changes
 # will be lost upon reconfiguration.
 ")
+          #$@(crypto-devices)
           #$(sugar)
           #$locale-config
           #$keyboard-layout-config
author	Miguel Ángel Arruga Vivas <rosen644835@gmail.com>	2020-12-21 13:02:01 +0100
committer	Miguel Ángel Arruga Vivas <rosen644835@gmail.com>	2020-12-21 18:41:11 +0100
commit	f00e68ace070fd5240a4b5874e61c26f6e909b6c (patch)
tree	bc24d20c57d7f979c62707496cdb4f8bff3adfcc /gnu/bootloader
parent	0127e683f4b701cde6a4869cd0db9618dd5332ee (diff)
download	guix-f00e68ace070fd5240a4b5874e61c26f6e909b6c.tar.gz