Soon I hope to be able to run Guix proper on my MNT Pocket Reform...

noisytoot@berkeley.edu.pl

@cwebber @jfred @vagrantc you could have another minimal kernel + initramfs that decrypts /boot and then loads guix's kernel with kexec (something like u-root, except u-root doesn't support LUKS (but if disk space isn't an issue you could probably include a cryptsetup binary with u-root if you wanted to use that))

noisytoot@berkeley.edu.pl

@cwebber @jfred @vagrantc this also has the advantage that it wouldn't be as slow as GRUB to decrypt your disk, and if you wanted to you could avoid entering your disk encryption password twice by either putting the key into the second (encrypted) initramfs (although this has security implications for LUKS2 because it makes the key accessible from userspace) or possibly using kexec handover (which I'm not sure how to do, or if it would require kernel modifications, but that is a thing)

cwebber@social.coop

@theesm omg yes I bet @jfred is also interested

jfred@jawns.club

@cwebber @theesm I'm interested but cautiously because my Pocket Reform will actually be my primary computing device for the trip! Will try and find an SD card I can spare, haha

jas@fosstodon.org

@cwebber Doesn’t MNT devices require a non-free blob to train DDR memory, and to even start at all? Which to me is worse than optional WiFi or GPU blobs. The state of libre-friendly user controllable hardware is sad. The MNT effort is great, and helps, but for me this became a deal-breaker to rely more on my MNT Reform.

vagrantc@floss.social

@cwebber @jfred

There is a workaround, essentially a script that manually copies over the relevant files into an unencrypted /boot:

https://issues.guix.gnu.org/48172#4

If you wanted to preserve rollbacks, you'd have to copy all the relevant generations boot files (kernel, initrd, dtb) and adjust the extlinux.conf appropriately, and plan for a larger than expected size for /boot... because this is #Guix :)

Unencrypted rootfs blocks me from really using it more, too!

deedend@fosstodon.org

@cwebber
I would love a reform next, if the support for Linux was better on arm

cwebber@social.coop

@jas There are different modules you can swap in, iirc this doesn't apply to all of them but I'm not quite sure. Regardless, the big thing is we *can* switch out the modules with MNT devices. Even RISC-V and FPGA modules exist for it

cwebber@social.coop

@vagrantc @jfred This is really interesting!

I remember that the Linux kernel has some mechanisms where you can switch out a running kernel "live", handing itself over to another. How usable is that feature? I've wondered if it would be possible to enable such "switching" on boot

jfred@jawns.club

@cwebber @vagrantc That's kexec, yeah. It's usable from a technical standpoint, though I think it can be a bit fiddly to set up. That's what Heads uses to load the OS kernel: https://github.com/linuxboot/heads/blob/master/initrd/bin/kexec-boot

(...and it's used sometimes for faster reboots as well: https://wiki.archlinux.org/title/Kexec)

vagrantc@floss.social

@jfred @cwebber

Yeah, kexec exists, and "guix system reconfigure ..." even generates a kexec script to reboot without going all the way into the bootloader... and sometimes even suceeds!

Maybe for some systems it is quite reliable; I have had mixed results, so not sure I would want to rely on kexec without a lot of testing...

Off the top of my head, petitboot implemented a "boot to minimal linux and kexec to full system" sort of interface... there may be other projects in this space as well.