In order to be able to provide decryption keys for the LUKS device, they need
to be available in the initial ram disk. However, they cannot be stored inside
the usual initrd, since it is stored in the store and being
world-readable (as files in the store are) is not a desired property for an
initrd containing decryption keys. This commit adds an option to load an
additional initrd during the boot, one that is not stored inside the store and
therefore can contain secrets.
Since only grub supports encrypted /boot, only grub is modified to use the
extra-initrd. There is no use case for the other bootloaders.
* doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd
field.
* gnu/bootloader.scm (<bootloader-configuration>): Add extra-initrd field.
* gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f
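
The commit message above relies on one property: an initrd that holds keys must live outside the world-readable store. That can be checked before pointing extra-initrd at a file. This is an added example, not part of the commit or of Guix; the function name check_extra_initrd and the default store directory /gnu/store are assumptions.

```shell
# Added example: check that a file meant for the extra-initrd field can
# safely hold secrets. Function name and messages are illustrative.
check_extra_initrd() {
    file=$1
    store=${2:-/gnu/store}   # assumed default store directory
    [ -f "$file" ] || { echo "ERROR: $file is not a regular file"; return 2; }
    # Resolve symlinks so a link pointing into the store is caught too.
    real=$(readlink -f -- "$file") || return 2
    store=$(readlink -f -- "$store" 2>/dev/null || printf '%s' "$store")
    case "$real" in
        "$store"/*)
            echo "FAIL: $real is inside the store, which is world-readable"
            return 1 ;;
    esac
    # Any permission bit for group or others exposes the keys to local users.
    if [ -n "$(find "$real" -maxdepth 0 -perm /077)" ]; then
        echo "FAIL: $real is accessible to group or others; use mode 0600 or 0400"
        return 1
    fi
    echo "OK: $real is outside the store and private to its owner"
}
```

The function returns 0 when the file is acceptable, 1 when it is exposed, and 2 when it cannot be inspected.
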
* gnu/bootloader/grub.scm (make-grub-configuration): When "noide" is in
arguments, use device name "wd0" rather than "hd0".
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
This reverts to the name this package had previous to commit
c2c1dfdf57 ("gnu: bootloader: Add U-Boot
packages for Raspberry Pi models."), which caused the package name to be
derived from the board name.
* gnu/packages/bootloaders.scm (u-boot-am335x-evm-boneblack): Remove the
NAME-SUFFIX keyword argument. Specify the full name via the name field.
* gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust to
the renamed package.
Reported-by: Vagrant Cascadian <vagrant@debian.org>
This rework allows using an (efi-bootloader-chain) like this, which is able
to boot over network or local storage, depending on whether the bootloader
target has support for symbolic links:
  (operating-system
    (bootloader
      (bootloader-configuration
        (bootloader
          (efi-bootloader-chain
            grub-efi-netboot-removable-bootloader
            #:packages (list my-firmware-package
                             my-u-boot-package)
            #:files (list (plain-file "config.txt"
                                      "kernel=u-boot.bin"))
            #:hooks my-special-bootloader-profile-manipulator))
        (targets '("/booti/efi"))
        …))
    …)
* doc/guix.texi (Bootloader Configuration): Describe the new
‘grub-efi-netboot-removable-bootloader’. Mention the file names used and that
the UEFI Boot Manager is not modified. Advise to disable write-access over
TFTP.
* gnu/bootloader.scm (efi-bootloader-profile): Allow a list of packages and
collect everything directly in the profile, avoiding a separate collection
directory. Renamed the profile from "bootloader-profile" to
"efi-bootloader-profile".
[bootloader-collection]: Rename to...
[efi-bootloader-profile-hook]: ... this and remove unused modules. Do not
create the now extraneous collection directory.
(efi-bootloader-chain): Add PACKAGES and DISK-IMAGE-INSTALLER arguments.
Remove handling of the collection directory, now only calling the given
installer procedure.
* gnu/bootloader/grub.scm (make-grub-efi-netboot-installer): New helper.
(make-grub-configuration): New helper based on (grub-configuration-file). Add
a GRUB argument, fix indentation, remove previous code retrieving GRUB from
CONFIG.
(grub-configuration-file): Make use of make-grub-configuration.
(grub-efi-configuration-file): New procedure.
(grub-cfg): New variable to replace "/boot/grub/grub.cfg".
(install-grub-efi-netboot): Remove, splitting logic to...
(make-grub-efi-netboot-installer): ... this new helper procedure, as well as
to make-grub-efi-netboot, added below.
(grub-bootloader): Adjust to use the GRUB-CFG.
(grub-efi-bootloader): Likewise. Removed inheritance and declare all fields
explicitly.
(make-grub-efi-netboot-bootloader): New procedure.
(grub-efi-netboot-bootloader): Use it.
(grub-efi-netboot-removable-bootloader): New variable.
* gnu/packages/bootloaders.scm (make-grub-efi-netboot): New procedure.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
In some specific cases where the device tree file is already loaded in RAM, it
can be preferable that the bootloader does not try to use a device tree from
the Linux kernel tree.
* gnu/bootloader.scm (<bootloader-configuration>)[device-tree-support?]: New field.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Add FDTDIR line
based on <device-tree-support?> field of <bootloader-configuration>.
* doc/guix.texi (Bootloader Configuration)[device-tree-support?]: Add
documentation for the new field.
* gnu/bootloader/grub.scm (grub-efi32-bootloader): New variable.
(install-grub-efi32): New variable.
* gnu/build/bootloader.scm (install-efi): Add a 'targets' keyword
argument.
(install-efi-loader): Likewise.
* gnu/build/image.scm (initialize-efi32-partition): New procedure.
* gnu/packages/bootloaders.scm (grub-efi32): New variable.
* gnu/system/image.scm (esp32-partition): New variable.
(efi32-disk-image): New variable.
(efi32-raw-image-type): New variable.
(system-disk-image)[partition-image]: Set '#:grub-efi32' when
calling the partition initializer.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
For single-disk installs (external USBs) and for amnesiac UEFIs, using the
default Grub EFI bootloader location of /boot/efi/EFI/Guix/grubx64.efi means
the Guix install will not be found.
To handle this, we can place the bootloader file in the UEFI specification
location, overwriting any other OS that may have placed a file there. This
location is namely /boot/efi/EFI/BOOT/BOOTX64.efi. Grub has explicit support
for this location/situation with the `--removable` flag.
* gnu/bootloader/grub.scm (install-grub-efi-removable)
(grub-efi-removable-bootloader): New variables.
* doc/guix.texi (Bootloader Configuration): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/bootloader/grub.scm (grub-setup-io): Fix serial mode display by
declaring the serial property before the terminal_input and terminal_output
properties.
This fixes boot breakage introduced in commit:
a65c935e29
Multiple files were still needed, but the filenames changed.
* gnu/bootloader/u-boot.scm (install-allwinner64-u-boot): Update to
use both SPL and u-boot files with new filenames.
* gnu/bootloader/grub.scm (setup-gfxterm): Remove parameter font-file.
Refer to the installed font in /boot, not in the store.
(font-file): Delete obsolete function.
(install-grub): When populating a disk-image, install the unicode font, too.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/bootloader/grub.scm (grub-configuration-file): New parameter
store-crypto-devices.
[crypto-devices]: New helper function.
[builder]: Use crypto-devices.
* gnu/machine/ssh.scm (roll-back-managed-host): Use
boot-parameters-store-crypto-devices to provide its contents to the
bootloader configuration generation process.
* gnu/tests/install.scm (%encrypted-root-not-boot-os,
%encrypted-root-not-boot-os): New os declaration.
(%encrypted-root-not-boot-installation-script): New script, whose contents
were initially taken from %encrypted-root-installation-script.
(%test-encrypted-root-not-boot-os): New test.
* gnu/system.scm (define-module): Export
operating-system-bootloader-crypto-devices and
boot-parameters-store-crypto-devices.
(<boot-parameters>): Add field store-crypto-devices.
(read-boot-parameters): Parse store-crypto-devices field.
[uuid-sexp->uuid]: New helper function extracted from
device-sexp->device.
(operating-system-bootloader-crypto-devices): New function.
(operating-system-bootcfg): Use
operating-system-bootloader-crypto-devices to provide its contents to
the bootloader configuration generation process.
(operating-system-boot-parameters): Add store-crypto-devices to the
generated boot-parameters.
(operating-system-boot-parameters-file): Likewise to the file with
the serialized structure.
* guix/scripts/system.scm (reinstall-bootloader): Use
boot-parameters-store-crypto-devices to provide its contents to the
bootloader configuration generation process.
* tests/boot-parameters.scm (%default-store-crypto-devices): New
variable.
(%grub-boot-parameters, test-read-boot-parameters): Use
%default-store-crypto-devices.
(tests store-crypto-devices): New tests.
This reverts commit 03fb57ff77, which
breaks most system tests. Specifically, grub.cfg.drv fails to build:
ERROR: In procedure canonicalize-path:
In procedure canonicalize-path: No such file or directory
* gnu/bootloader/grub.scm (eye-candy)(font-file): Fix unicode font loading
when booting over TFTP.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
Fixes <http://issues.guix.gnu.org/44353>.
Every bootloader should try their best to install themselves using only the
MOUNT-POINT and otherwise do nothing. This requirement comes from the
necessity to call INSTALL-GRUB when installing the (non-EFI) GRUB bootloader,
which needs to populate the root file system with extra modules that cannot be
fit in the core.img file, limited in size to 491520 bytes (by the i386-pc
format required for legacy BIOS compatibility).
As introducing bootloader knowledge at the level of the image code is
undesirable, every bootloader should be adapted to support this fall-back for
their installation procedure (TODO).
* gnu/bootloader/grub.scm (install-grub-efi)[efi-dir]: Skip when the EFI-DIR
argument is set to #f.
* gnu/bootloader/grub.scm (grub-locale-directory): New function.
(grub-configuration-file)[locale-config]: Use grub-locale-directory and
avoid the extra search when eye-candy has performed it.
* gnu/bootloader/grub.scm (define-module): Add new dependency.
(grub-configuration-file): Add locale keyword.
(grub-configuration-file)[locale-config]: New variable with generated
locale configuration when locale parameter has been provided.
[builder]: Add locale-config.
This is a follow-up of f19cf27c2b. The
bootloader installation must be done on the final disk-image, hence using
"disk-image-installer" instead of "installer" callback.
* gnu/bootloader/u-boot.scm: Turn all installer callbacks into
disk-image-installer callbacks.
* gnu/build/bootloader.scm (write-file-on-device): Open the output file with
'no-truncate and 'no-create options.
* gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader)
module.
* gnu/bootloader/grub.scm (grub-efi-netboot-bootloader): New variable.
(install-grub-efi-netboot): New procedure.
(grub-root-search): Update comment.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/bootloader/grub.scm (grub-minimal-bootloader): Use "define".
(grub-efi-bootloader): Use "define".
(grub-mkrescue-bootloader): Use "define".
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
This is a follow-up of 536c53d347, that does not
use the native version of "font-file", breaking cross-compilation.
* gnu/bootloader/grub.scm (eye-candy): Use the native version of "font-file".
* gnu/bootloaders/grub.scm (eye-candy): Use gfxterm depending only on
(bootloader-configuration (terminal-outputs …)), which defaults to '(gfxterm).
This makes the system argument obsolete.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
Following discussion in <https://issues.guix.gnu.org/37305>, it seems more
appropriate to give the parameter a more generic name that better describes
what it does.
* gnu/bootloader/grub.scm (normalize-file): Rename the
BTRFS-SUBVOLUME-FILE-NAME parameter to STORE-DIRECTORY-PREFIX, and always
assume this argument to be a string.
(eye-candy): Likewise. Default STORE-DIRECTORY-PREFIX to "".
(grub-configuration-file): Likewise.
* gnu/system.scm (operating-system-bootcfg): Adapt.
* gnu/bootloader/grub.scm (install-grub): When creating a disk-image,
grub-install will fail because it lacks root permissions. In that case, do not
run grub-install and only copy Grub modules to the /boot directory.
* gnu/bootloader.scm (<bootloader>)[disk-image-installer]: New field,
(bootloader-disk-image-installer): export it.
* gnu/bootloader/grub.scm (install-grub-disk-image): New procedure ...
(grub-bootloader): ... used as "disk-image-installer" here.
(grub-efi-bootloader): set "disk-image-installer" to #f.
* gnu/system/image.scm (root-partition?, find-root-partition): Move to
"Helpers" section.
(root-partition-index): New procedure.
(system-disk-image): Honor disk-image-installer, and
use it to install the bootloader directly on the disk-image, if supported.
* gnu/bootloader/grub.scm (strip-mount-point): Remove procedure.
(normalize-file): Add procedure.
(grub-configuration-file): New BTRFS-SUBVOLUME-FILE-NAME parameter. When
defined, prepend its value to the kernel and initrd file names, using the
NORMALIZE-FILE procedure. Adjust the call to EYE-CANDY to pass the
BTRFS-SUBVOLUME-FILE-NAME argument. Normalize the KEYMAP file as well.
(eye-candy): Add a BTRFS-SUBVOLUME-FILE-NAME parameter, and use it, along with
the NORMALIZE-FILE procedure, to normalize the FONT-FILE and IMAGE nested
variables. Adjust doc.
* gnu/bootloader/depthcharge.scm (depthcharge-configuration-file): Adapt.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Likewise.
* gnu/system/file-systems.scm (btrfs-subvolume?)
(btrfs-store-subvolume-file-name): New procedures.
* gnu/system.scm (operating-system-bootcfg): Specify the Btrfs
subvolume file name the store resides on to the
`operating-system-bootcfg' procedure, using the new
BTRFS-SUBVOLUME-FILE-NAME argument.
* doc/guix.texi (File Systems): Add a Btrfs subsection to document the use of
subvolumes.
* gnu/tests/install.scm (%btrfs-root-on-subvolume-os)
(%btrfs-root-on-subvolume-os-source)
(%btrfs-root-on-subvolume-installation-script)
(%test-btrfs-root-on-subvolume-os): New variables.
* gnu/bootloaders/grub.scm (<grub-image>): Remove this record and replace it
by ...
(<grub-theme>)[image]: ... this field with the default from %background-image,
(<grub-theme>)[resolution]: ... this field with the defaults from 'width' and
'height' of 'grub-background-image'.
(<grub-theme>)[images]: Remove this field.
(svg->png): Rename to ...
(image->png): ... and use 'copy-file' instead of 'svg->png', if the suffix of
the image file is not ".svg".
(grub-background-image): Remove the arguments 'width' and 'height'.
(grub-theme-image): Add function.
(grub-theme-resolution): Add function.
(grub-theme-gfxmode): Add function.
(grub-image): Remove function.
(grub-image?): Remove function.
(grub-image-aspect-ratio): Remove function.
(grub-image-file): Remove function.
(grub-theme-images): Remove function.
(%default-theme): Remove variable.
(%background-image): Remove variable.
Using image formats different to SVG was not possible.
For a <grub-image> to be chosen, the 'aspect-ratio' of it had to be 4/3, as the
resolution of any image was defaulting to 1024 x 768.
There was no code to determine the proper boot-resolution to make any use of a
list of images with different aspect-ratios.
It seems to be a better solution to only define a single image with any format,
and use a given resolution only for the conversion from a SVG file. This also
makes the use of a special <grub-image> record unnecessary.
Moving the default values from '%background-image' and '%default-theme' into
<grub-theme> makes a customisation easier without (inherit) and allows removing
the undocumented variables '%background-image' and '%default-theme'.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/packages/bootloaders (u-boot-pinebook-pro-rk3399): New variable.
* gnu/packages/patches/u-boot-DT-for-Pinebook-Pro.patch: New file.
* gnu/packages/patches/u-boot-add-boe-nv140fhmn49-display.patch: New file.
* gnu/packages/patches/u-boot-gpio-keys-binding-cons.patch: New file.
* gnu/packages/patches/u-boot-leds-common-binding-con.patch: New file.
* gnu/packages/patches/u-boot-support-Pinebook-Pro-laptop.patch: New file.
* gnu/packages/patches/u-boot-video-rockchip-fix-build.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add new patches.
* gnu/bootloader/u-boot.scm (install-pinebook-pro-rk3399-u-boot,
u-boot-pinebook-pro-rk3399-bootloader): New variable.
Co-authored-by: Jan Nieuwenhuizen <janneke@gnu.org>
Reported by Florian Pelz <pelzflorian@pelzflorian.de>.
* gnu/bootloader/grub.scm (keyboard-layout-file): Replace commas with
hyphens in the first argument to 'computed-file'.
* gnu/system/keyboard.scm (keyboard-layout->console-keymap): Likewise.
* doc/guix.texi (Keyboard Layout): Add example.
* gnu/bootloader/grub.scm (eye-candy)[setup-gfxterm-body]: Define the GFXMODE
binding using AND-LET* instead of chained AND=>. Add a comment about
supporting graphical mode on other systems than x86. Generate configuration
string using FORMAT rather than STRING-APPEND.