Librem Mini+pureboot/head unable to boot after GuixSD installation

Hello,

I have installed GuixSD on my Librem Mini. After rebooting, the system stubbornly stays on the pre-boot screen, with the last line printed being ‘Found kexec boot params’.

I have tried re-signing the content of /boot with my librem key, generating new TOTP/HOTP secrets and other things from the pureboot GUI, but still, no boot to the new OS. Has anyone managed to run Guix with pureboot/head?

If not, what can I do to try to get more information from the machine to diagnose the boot problem?

Hello, I assume that in this case the /boot partition is not encrypted, correct?

Can you try to boot without the librem key? From the PureBoot menu select Options → Boot options → Ignore tamper and boot → Continue → (press ENTER on whatever first option is selected)

I doubt that it will work, but it might provide some error info.

Hi,

I have good news and bad news.

The good news: I managed to boot the system.

The bad news: I have to boot the root file system, hence, /. This implies that I have to either re-sign the whole disk at every boot or boot every time in unsafe mode.

Some context.

@joao.azevedo, to answer your question, /boot is not encrypted, nor is the / file system.

In parallel with this thread, I also sought help on the Guix mailing list. I learned there that with GuixSD, the kernel and initrd are not located in /boot, but, like any other package, in /gnu/store. This is why I have to boot on the root file system. On hardware without HEAD, this works, because grub, in /boot, is configured to seek the kernel files in /gnu/store.

However, the consequence is that booting is slow because HEAD needs to browse the whole file system to find the kernel. Moreover, because there is always a file changing on the disk, be it in /var/log or /home, for example, HEAD complains at every boot that some files have changed.

IMHO, the HEAD and GuixSD developers need to come up together with a solution that allows booting from /boot, using HEAD, even with a Guix system.

A suggested workaround, from the GuixSD ML, is to copy the kernel files to /boot every time a new kernel is installed, but this is merely a workaround and not a long-term solution.

Finally, booting from / only works if the root FS is not encrypted, I suspect.
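
The copy-to-/boot workaround mentioned in the last post, sketched as an added example that is not part of the thread or of Guix or PureBoot: it mirrors the kernel and initrd that a grub.cfg references under /gnu/store into the boot directory and writes a copy of the config with the paths rewritten. It assumes the config names them on `linux` and `initrd` lines; the `guix/` subdirectory, the `guix-mirror.cfg` file name and the `ROOT`/`PREFIX` parameters are hypothetical, and whether PureBoot picks up the rewritten config is not established here.

```shell
#!/bin/sh
# Added example (not Guix or PureBoot code).
# Usage: sync_store_boot CFG BOOTDIR [ROOT] [PREFIX]
#   CFG     grub.cfg to read
#   BOOTDIR directory whose content gets signed (e.g. the mounted /boot)
#   ROOT    prefix under which /gnu/store is reachable (default: empty)
#   PREFIX  path of BOOTDIR as the boot loader sees it (default: empty,
#           i.e. BOOTDIR is the root of its own partition)
# Returns 0 on success, 1 on I/O error, 2 if CFG references no store file.
sync_store_boot() {
    cfg=$1 bootdir=$2 root=${3:-} prefix=${4:-}
    out="$bootdir/guix-mirror.cfg"          # hypothetical output name
    cp "$cfg" "$out.tmp" || return 1

    # Unique store paths used as kernel or initrd. Kernel arguments such
    # as gnu.system=/gnu/store/... do not start with /gnu/store/ and are
    # therefore left alone.
    paths=$(awk '$1 == "linux" || $1 == "initrd" {
                     for (i = 2; i <= NF; i++)
                         if ($i ~ /^\/gnu\/store\//) print $i
                 }' "$cfg" | sort -u)
    [ -n "$paths" ] || { rm -f "$out.tmp"; return 2; }

    for p in $paths; do
        item=${p#/gnu/store/}               # <hash>-<name>/<file>
        dest="$bootdir/guix/$item"
        mkdir -p "$(dirname "$dest")" || return 1
        # Copy only when the mirrored file is missing or differs, so an
        # unchanged kernel does not invalidate the existing signatures.
        cmp -s "$root$p" "$dest" || cp "$root$p" "$dest" || return 1
        # Point the config copy at the mirrored file.
        sed "s|$p|$prefix/guix/$item|g" "$out.tmp" > "$out.tmp2" &&
            mv "$out.tmp2" "$out.tmp" || return 1
    done
    mv "$out.tmp" "$out"
}
```

The content of /boot has to be re-signed from the PureBoot GUI after any run that copies a new file, since the signed file set has changed.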