guix-patches

[bug#68524] [PATCH v2 0/2] Support root encryption and secure boot.


From: Hilton Chain
Subject: [bug#68524] [PATCH v2 0/2] Support root encryption and secure boot.
Date: Mon, 12 Feb 2024 02:37:21 +0800

Hi Lilah,

On Sun, 28 Jan 2024 17:51:38 +0800,
Lilah Tascheter via Guix-patches wrote:
>
> Thank you so much Herman, that motherfucking typo was what made my old-entries
> testing not work. I reworked the majority of the install-uki.scm code, and now
> uefi-uki-bootloader and uefi-uki-signed-bootloader support generation rollback!
> Slightly jank, but it works. On install, we pretty much just cram as many
> generations into the ESP as possible. ESPs are typically small, so we can't
> assume that we can fit more than one UKI, so if we can't fit every extant
> generation we just exit early.
>
> We also don't waste space on root by adding each UKI to the store anymore.
> They're all generated at install time. Added slightly more documentation too.
>
> Otherwise, fixed everything Herman pointed out!
>
> Decided not to add a manual section on manually running /boot/install-uki.scm
> though. It's more of a quirk of getting around guix's bootloader assumptions
> than meant to be run that way; I don't know if it's a good idea to direct
> attention to it. I mean it Works, but it's more of a quick hack.
>
> Lilah Tascheter (2):
>   gnu: bootloaders: Add uki packages.
>   gnu: bootloaders: Add uefi-uki-bootloader.
>
>  doc/guix.texi                |  45 ++++++++----
>  gnu/bootloader/uki.scm       | 129 +++++++++++++++++++++++++++++++++++
>  gnu/local.mk                 |   1 +
>  gnu/packages/bootloaders.scm |  95 ++++++++++++++++++++++++++
>  4 files changed, 258 insertions(+), 12 deletions(-)
>  create mode 100644 gnu/bootloader/uki.scm
>
>
> base-commit: 2823253484e49391c6ba3c653a2f9e9f5e5f38ae
> --
> 2.41.0

Nicely done!  I have tested ‘uefi-uki-bootloader’, and it works!

But currently ‘uefi-uki-bootloader’ doesn't match generation switching well, and
‘uefi-uki-signed-bootloader’ as a procedure further breaks that, right?

I think these issues have to be addressed to get the series merged.

Reviews are coming later.

Thanks
