I have a good news and a bad news.
The good news, I manage to boot the system.
The bad news, I have to boot the root file system, hence,
/. This imply that I have either to re-sign the whole disk at every boot or boot every time in unsafe mode.
@joao.azevedo, to answer your question,
/boot is not encrypted, nor is the /` file system.
In parallel of this thread, I also seek help on the guix mailing list. I learn, there, that with GuixSD, the kernel and initrd are not located in
/boot, but, like any other package, in
/gnu/store. This is why I have to boot on the root file system. On a hardware without HEAD, this works, because
/boot , is configured to seek for the kernel files in
However, the consequence is that booting is slow because HEAD needs to browse the whole file system to find the kernel. Moreover, because there is always a file changing on the disk, be it in
/home, for example, HEAD complains at every boot that some files have changed.
IMHO, the HEAD and GuixSD developers need to come together with a solution that allow to boot from
/boot, using HEAD, even with a Guix system.
A suggested workaround, from the GuixSD ML, is to copy the kernel files to
/boot every time a new kernel is installed, but, this is merely a workaround and not a long term solution.
Finally, booting from
/, only works if the root FS is not encrypted, I suspect.