hi everyone! I've been working on submitting to mainline some bootloaders I packaged a while ago on my channel (an efi-stub bootloader supporting secure boot & full disk encryption and p-boot for pinephones) and came across a good few hard points in how guix handles bootloaders. the current system seems to have been made with only grub/extlinux-alikes in mind, and makes working with everything else extremely cumbersome and incompatible with generation rollbacks. before I start making/submitting changes, I wanted to ask for opinions on the following plan:
* merge bootloader-installer and bootloader-disk-image installer. almost all cases where one is used, the other is called with almost the exact same arguments, except for in (gnu system image), which provides the image itself. this should be provided in general; BIOS bootloaders and u-boot need to know the main disk device anyway. * create a new bootloader-config-installer record field (accepting a gexp), replacing bootloader-configuration-file and bootloader-configuration-file-generator. it's really only grub/extlinux-alikes that use a single, static-path config file. uefi configuration involves calling efibootmgr, and p-boot needs an entire configuration partition. can provide a helper procedure to replicate current behavior, and register the gexp as a gc root to prevent gc of boot objects, in lieu of the current behavior. * provide the full bootloader-configuration record to bootloader-installer instead of just bootloader-package. the full record is available every time bootloader-installer is called. * don't provide bootloader-configuration to bootloader-config-installer. reinstall-bootloader (guix scripts system) regens the configuration without access to the full bootloader-configuration record. conceptually, config install should only affect the boot entries themselves anyway. * change initialize-efi-partition (gnu build image) to handle any bootloader-installer when used, providing its partition as the target. also un-hardcode grub in system-disk-image (gnu system image). * to facilitate secure boot support, add a bootloader-configuration-signing-keypair record field accepting a pair of out-of-store paths to encryption keys. * provide generation numbers to bootloader-installer and bootloader-config-installer, to help with coordination between the procedures, and bootloader-config-installer allowing incremental rollbacks in bootloaders that have to copy the kernel/initrd off-root. (thanks Hilton Chain for initial discussion on this in the uefi support patch thread!) - lilah
