Thanks, Clément. > > > Do you use Libreboot? > > > > Yes, I'm using Libreboot. Does this make a great difference over the > > manufacturer firmware in this case?
> It might, because the GRUB used is the one shipped with Libreboot. > So it has nothing to do with Guix. I think talking to the libreboot > people would help you more. (Disclaimer: I have the same issue, I > find that pressing 'c' and typing 'cryptomount ahci0,gpt3' makes the > process faster.) Thanks, I'll look into that. For the moment I've just switched to having an unencrypted root and encrypted /home partition (where the swapfile also lives), which seems to me better from a security standpoint (I can use --iter 500, sha512, &c. without an issue). > > > I'm unsure [using an unencrypted /boot] would help, because GRUB > > > would still have to unencrypt / to access the kernel (the kernel > > > is in /gnu/store). > > > > Ah, I see. Is this an immutable design decision? It would seem > > good to be able to keep the kernel in a separate space in order to > > avoid the issue of extremely long unlocking times when booting. > Nothing is immutable, but it's a strong design decision that all > packages data are put in /gnu/store. Linux is just one of them. > Plus, a characteristic of GuixSD is that you can revert to previous > configurations. Those configurations appear as GRUB lines. Each > configuration could have a different kernel and kernels take space, > so it wouldn't scale well. Plus, I think some other stuff is needed > as well, like the initrd, which is large too, etc. I mused briefly about mirroring of the relevant things (kernels, initrd) from /gnu/store to /boot, but that's probably pretty hack-y. -- Benjamin Slade - https://babbagefiles.xyz `(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19)) '(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org ) `(Choose Linux ,(Choose Freedom) . https://linux.com )