[PATCH] Full encryption

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] Full encryption

From:	Petter
Subject:	[PATCH] Full encryption
Date:	Wed, 16 Sep 2015 15:30:53 +0200

To run a fully encrypted GuixSD, Mark and Ludo dictated the following changes 
for me. And i'm now only using one partition (which includes root and boot).

diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index 3081a93..0383a71 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -60,6 +60,10 @@
     (mkdir (scope "proc")))
   (mount "none" (scope "proc") "proc")
 
+  (unless (file-exists? (scope "dev"))
+    (mkdir (scope "dev")))
+  (mount "none" (scope "dev") "devtmpfs")
+
   (unless (file-exists? (scope "sys"))
     (mkdir (scope "sys")))
   (mount "none" (scope "sys") "sysfs"))
@@ -385,9 +389,6 @@ to it are lost."
          (unless (configure-qemu-networking)
            (display "network interface is DOWN\n")))
 
-       ;; Make /dev nodes.
-       (make-essential-device-nodes)
-
        ;; Prepare the real root file system under /root.
        (unless (file-exists? "/root")
          (mkdir "/root"))




In config.scm we primarily added "(define %linux-modules.." and "(initrd..". 
Here's my config.scm in full.

;; This is an operating system configuration template
;; for a "desktop" setup with X11.

(use-modules (gnu) (gnu system nss))
(use-service-modules desktop)
(use-package-modules xfce wicd avahi xorg certs)

(define %linux-modules
  '(
    ;; cryptsetup/LUKS
    "dm-crypt.ko" "xts.ko"))

(operating-system
  (host-name "x200")
  (timezone "Europe/Paris")
  (locale "en_US.UTF-8")

  ;; Assuming /dev/sdX is the target hard disk, and "root" is
  ;; the label of the target root file system.
  (bootloader (grub-configuration (device "/dev/sda1")))

  (initrd (lambda (fs . args)
     (apply base-initrd fs
        #:extra-modules %linux-modules
        args)))

  (mapped-devices (list (mapped-device
     (source "/dev/sda1")
     (target "guix")
     (type luks-device-mapping))))

  (file-systems (cons (file-system
                        (device "/dev/mapper/guix")
                        (title 'device)
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "petter")
                (comment "Petter")
                (group "users")
                (supplementary-groups '("wheel" "netdev"
                                        "audio" "video"))
                (home-directory "/home/petter"))
               %base-user-accounts))

  ;; Add Xfce and Ratpoison; that allows us to choose
  ;; sessions using either of these at the log-in screen.
  (packages (cons* xfce    ;desktop environments
                   xterm wicd avahi  ;useful tools
                   nss-certs         ;for HTTPS access
                   %base-packages))

  ;; Use the "desktop" services, which include the X11
  ;; log-in service, networking with Wicd, and more.
  (services %desktop-services)

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] Full encryption, Petter <=
- Re: [PATCH] Full encryption, Ludovic Courtès, 2015/09/20
- Re: [PATCH] Full encryption, Petter, 2015/09/20
  - Re: [PATCH] Full encryption, Ludovic Courtès, 2015/09/21

Prev by Date: [PATCH] gnu: guile: Add guile-next
Next by Date: Re: [PATCH] gnu: Add keepassx.
Previous by thread: [PATCH] gnu: guile: Add guile-next
Next by thread: Re: [PATCH] Full encryption
Index(es):
- Date
- Thread