New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow for separate, unencrypted boot partition on EFI system #1083

Open
tsimonq2 opened this Issue Feb 10, 2019 · 9 comments

Comments

Projects
None yet
6 participants
@tsimonq2
Copy link
Contributor

tsimonq2 commented Feb 10, 2019

We have a problem at the moment with Lubuntu where on secureboot EFI system we cannot change the boot flags shipped by default and the maintainer in Ubuntu will not enable the boot flags which make it possible to do secureboot with Calamares as-is. We need the ability to separate out the boot partition as well as the ESP and leave those unencrypted iff the install is encrypted and on an EFI system to be consistent with other Ubuntu flavors.

@abucodonosor

This comment has been minimized.

Copy link
Contributor

abucodonosor commented Feb 10, 2019

So what boot flags you need ? Please explain why is not working.

Not sure you notice this is pure Distribution issue.

@That-Random-Guy

This comment has been minimized.

Copy link

That-Random-Guy commented Feb 10, 2019

Not sure you notice this is pure Distribution issue.

I was told this before and closed my issue without receiving a solution (I closed it the same day). I'm hoping the cycle doesn't repeat. This shall be interesting. ;)

@abucodonosor

This comment has been minimized.

Copy link
Contributor

abucodonosor commented Feb 10, 2019

You still don't tell what LUbuntu needs ..

And I didn't told you to close anything.

Is fact is a Distribution issue when your maintainers refuses to impement
packages the way you need these.

I personally expected all this to be pushed back to calamares :-)

Also if you know what is missing why don't you open a PR ? ..

@That-Random-Guy

This comment has been minimized.

Copy link

That-Random-Guy commented Feb 10, 2019

You still don't tell what LUbuntu needs ..

And I didn't told you to close anything.

Is fact is a Distribution issue when your maintainers refuses to impement
packages the way you need these.

I personally expected all this to be pushed back to calamares :-)

Also if you know what is missing why don't you open a PR ? ..

I already made the point across to them. They know it's a problem. That's why Simon is here.

I know you didn't close my issue, I clearly stated I did. The reason being that I was specifically recommended not to take my complaints here because they would supposedly get pushed to the distribution guys---which is what I expect to happen.

I clearly don't know what's missing. I'm not a developer.

Take what I've said at face value. I'm merely stating that I was suggested not to post here and yet the circumstances being what they are, we see this now.

It's kind of funny. ;)

@adriaandegroot

This comment has been minimized.

Copy link
Contributor

adriaandegroot commented Feb 11, 2019

This mostly sounds like a dup of #1073, where someone has an encrypted / and separate (unecrypted) /boot (if I read that issue properly).

In general, "we need such-and-such" in Calamares because something else is broken elsewhere isn't a good reason for adding things to Calamares itself. You could always use a custom Python module to iron out whatever it is that is broken in your setup.

That said, I'm not exactly sure what you expect either the UI or the configuration format to be to make this possible. So (@tsimonq2 ) please re-describe the problem without reference to distro-specific packaging problems: what are you trying to do.

@kkofler

This comment has been minimized.

Copy link
Contributor

kkofler commented Feb 11, 2019

In #1073, they used the manual partitioning to set the system up this way, and it fails to boot because Calamares sets things up incorrectly. That one is IMHO a clear bug in Calamares.

This one, on the other hand, apparently wants the automatic partitioning to support setting things up this way, which is more of an RFE than a bug.

@tsimonq2

This comment has been minimized.

Copy link
Contributor Author

tsimonq2 commented Feb 11, 2019

This is not just a Lubuntu issue. I can only control what I can control, and I can't use the GRUB config provided by Calamares. I only stated this so it wasn't immediately closed as a distro issue...

On to my actual point, the solution to this issue is to manually partition /boot and the ESP as unencrypted and keep / encrypted. I can't do this with a Python script, I can't do this simply by telling the user because that's bad UX. What I'd like here is the ability to ship a contextual file in Lubuntu's config so iff an encrypted EFI system is selected, it chooses our custom partitioning config. This can benefit everyone, and isn't distro specific. We already have a feature much like this, it just needs contextual support.

@abucodonosor

This comment has been minimized.

Copy link
Contributor

abucodonosor commented Feb 11, 2019

I can only control what I can control

You can control what you wish ..

and I can't use the GRUB config provided by Calamares

Exactly because of what ?

On to my actual point, the solution to this issue is to manually partition /boot and the ESP as unencrypted and keep / encrypted

Again why is this so ?

Is this the old _ Debian/Ubutu doing that different issue_ ?
( which is solved by correcting scripts in the iso building process
I worked that out a while ago with @highvoltage on IRC)

This can benefit everyone, and isn't distro specific

Well it is .. And no , other Distributions doesn't have such problems , they just work
with or without /boot or whatever else crypted or not.

What you are requesting here is calamares doing workarounds for Lubuntu or
actually Ubuntu derivates , the ones cannot sort such issues themself in the
iso creatio(s) scripts etc.

@apt-ghetto

This comment has been minimized.

Copy link

apt-ghetto commented Feb 12, 2019

Well it is .. And no , other Distributions doesn't have such problems , they just work
with or without /boot or whatever else crypted or not.

Could you please share a link to the right documentation? In Deploy-LUKS I can't find a section where it is explained how to configure calamares to create a separate /boot partition beside the encrypted / partition and the esp.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment