Soon I hope to be able to run Guix proper on my MNT Pocket Reform... I'm still running Guix on top of Debian due to my limited time to sort through things
Discussion
Loading...
@cwebber i have guix system running on my pocket from nvme (which is possible with the latest u-boot for pocket), my config isn't on a public git forge yet but if you want to i could help you or anyone interested in this getting things up and running at guix days
@cwebber Saaaaame. I'll let you know if I get anywhere on that - I think before I can daily drive it I need to find a good way to use bits of a community config for the hardware-specific stuff rather than trying to bundle it all into my own config. Gotta share the load somehow!
@jfred I have opened and stared at @vagrantc's config several times https://codeberg.org/vagrantc/mnt-reform-guix-config/src/branch/main/config-mnt-reform.scm
One thing tho is Guix still doesn't have the nice option Debian has for unencrypted /boot and encrypted rest-of-root! Which without Grub becomes a lot more important...
(I think Nix has it, and has the same challenges that Guix does, but they seem to have solved it; presumably we could too?)
There is a workaround, essentially a script that manually copies over the relevant files into an unencrypted /boot:
https://issues.guix.gnu.org/48172#4
If you wanted to preserve rollbacks, you'd have to copy all the relevant generations boot files (kernel, initrd, dtb) and adjust the extlinux.conf appropriately, and plan for a larger than expected size for /boot... because this is #Guix :)
Unencrypted rootfs blocks me from really using it more, too!
@cwebber @vagrantc That's kexec, yeah. It's usable from a technical standpoint, though I think it can be a bit fiddly to set up. That's what Heads uses to load the OS kernel: https://github.com/linuxboot/heads/blob/master/initrd/bin/kexec-boot
(...and it's used sometimes for faster reboots as well: https://wiki.archlinux.org/title/Kexec)
Yeah, kexec exists, and "guix system reconfigure ..." even generates a kexec script to reboot without going all the way into the bootloader... and sometimes even suceeds!
Maybe for some systems it is quite reliable; I have had mixed results, so not sure I would want to rely on kexec without a lot of testing...
Off the top of my head, petitboot implemented a "boot to minimal linux and kexec to full system" sort of interface... there may be other projects in this space as well.
@cwebber @jfred @vagrantc you could have another minimal kernel + initramfs that decrypts /boot and then loads guix's kernel with kexec (something like u-root, except u-root doesn't support LUKS (but if disk space isn't an issue you could probably include a cryptsetup binary with u-root if you wanted to use that))
@cwebber @jfred @vagrantc this also has the advantage that it wouldn't be as slow as GRUB to decrypt your disk, and if you wanted to you could avoid entering your disk encryption password twice by either putting the key into the second (encrypted) initramfs (although this has security implications for LUKS2 because it makes the key accessible from userspace) or possibly using kexec handover (which I'm not sure how to do, or if it would require kernel modifications, but that is a thing)
@cwebber @vagrantc Oh yeah that bit me years ago too when I was booting a Guix machine off of Heads (which likewise doesn't use grub). In that case though I could manually decrypt from the recovery shell, which isn't possible on the Reforms yet due to the lack of graphics in early boot
That might be a sticking point for Guix on MNT hardware too, since rolling back to previous generations from the boot menu is one of the nicer features of Guix
I am going to propagandize at Guix Days that the Guix community should rally around MNT's open hardware laptop things because I hate the direction computer hardware has been going in otherwise and MNT's shit is getting better to use all the time
@cwebber
I would love a reform next, if the support for Linux was better on arm
@cwebber Doesn’t MNT devices require a non-free blob to train DDR memory, and to even start at all? Which to me is worse than optional WiFi or GPU blobs. The state of libre-friendly user controllable hardware is sad. The MNT effort is great, and helps, but for me this became a deal-breaker to rely more on my MNT Reform.
@jas There are different modules you can swap in, iirc this doesn't apply to all of them but I'm not quite sure. Regardless, the big thing is we *can* switch out the modules with MNT devices. Even RISC-V and FPGA modules exist for it
@cwebber As far as I know, MNT don’t sell any CPU module that works with a fully libre OS - the Rockchip RK3588 is the problem. I have ordered their Reform Next to support them, but alas it looks equally problematic. I find the approach taken by Dasharo, to publish details of what is FOSS and what isn’t, an inspiration here: https://docs.dasharo.com/variants/novacustom_nv4x_adl/openness-score/ Pending better libre-compatible hardware, I regard that as the current best in class.
