diff options
| author | Tomas Volf <wolf@wolfsden.cz> | 2024-01-11 18:35:40 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2024-01-14 23:00:03 +0100 |
| commit | 086850e5b2b4a1744565fe83624d256524b64a49 (patch) | |
| tree | c02752272e989134c35dc6dc67735915edc1f25a /gnu/bootloader.scm | |
| parent | d082312ef7adfea69c79d30ef947817b39832161 (diff) | |
| download | guix-086850e5b2b4a1744565fe83624d256524b64a49.tar guix-086850e5b2b4a1744565fe83624d256524b64a49.tar.gz | |
bootloader: grub: Add support for loading an additional initrd.
In order to be able to provide decryption keys for the LUKS device, they need
to be available in the initial ram disk. However they cannot be stored inside
the usual initrd, since it is stored in the store and being a
world-readable (as files in the store are) is not a desired property for a
initrd containing decryption keys. This commit adds an option to load
additional initrd during the boot, one that is not stored inside the store and
therefore can contain secrets.
Since only grub supports encrypted /boot, only grub is modified to use the
extra-initrd. There is no use case for the other bootloaders.
* doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd
field.
* gnu/bootloader.scm (<bootloader-configuration>): Add extra-initrd field.
* gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f
Diffstat (limited to 'gnu/bootloader.scm')
| -rw-r--r-- | gnu/bootloader.scm | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/gnu/bootloader.scm b/gnu/bootloader.scm index ba06de7618..f32e90e79d 100644 --- a/gnu/bootloader.scm +++ b/gnu/bootloader.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2022 Josselin Poiret <dev@jpoiret.xyz> ;;; Copyright © 2022 Reza Alizadeh Majd <r.majd@pantherx.org> +;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz> ;;; ;;; This file is part of GNU Guix. ;;; @@ -77,6 +78,7 @@ bootloader-configuration-serial-unit bootloader-configuration-serial-speed bootloader-configuration-device-tree-support? + bootloader-configuration-extra-initrd %bootloaders lookup-bootloader-by-name @@ -279,7 +281,9 @@ instead~%"))) (serial-speed bootloader-configuration-serial-speed (default #f)) ;integer | #f (device-tree-support? bootloader-configuration-device-tree-support? - (default #t))) ;boolean + (default #t)) ;boolean + (extra-initrd bootloader-configuration-extra-initrd + (default #f))) ;string | #f (define-deprecated (bootloader-configuration-target config) bootloader-configuration-targets |