Conversation

Christine Lemmer-Webber

Soon I hope to be able to run Guix proper on my MNT Pocket Reform... I'm still running Guix on top of Debian due to my limited time to sort through things

I am going to propagandize at Guix Days that the Guix community should rally around MNT's open hardware laptop things because I hate the direction computer hardware has been going in otherwise and MNT's shit is getting better to use all the time

@cwebber Saaaaame. I'll let you know if I get anywhere on that - I think before I can daily drive it I need to find a good way to use bits of a community config for the hardware-specific stuff rather than trying to bundle it all into my own config. Gotta share the load somehow!

@jfred I have opened and stared at @vagrantc's config several times https://codeberg.org/vagrantc/mnt-reform-guix-config/src/branch/main/config-mnt-reform.scm

One thing tho is Guix still doesn't have the nice option Debian has for unencrypted /boot and encrypted rest-of-root! Which without Grub becomes a lot more important...

(I think Nix has it, and has the same challenges that Guix does, but they seem to have solved it; presumably we could too?)

@cwebber @vagrantc Oh yeah that bit me years ago too when I was booting a Guix machine off of Heads (which likewise doesn't use grub). In that case though I could manually decrypt from the recovery shell, which isn't possible on the Reforms yet due to the lack of graphics in early boot

That might be a sticking point for Guix on MNT hardware too, since rolling back to previous generations from the boot menu is one of the nicer features of Guix

@jfred @vagrantc which you could "fix" by booting to microsd and doing the switch there but obv not as nice as grub

@cwebber i have guix system running on my pocket from nvme (which is possible with the latest u-boot for pocket), my config isn't on a public git forge yet but if you want to i could help you or anyone interested in this getting things up and running at guix days

@cwebber @jfred @vagrantc you could have another minimal kernel + initramfs that decrypts /boot and then loads guix's kernel with kexec (something like u-root, except u-root doesn't support LUKS (but if disk space isn't an issue you could probably include a cryptsetup binary with u-root if you wanted to use that))

@cwebber @jfred @vagrantc this also has the advantage that it wouldn't be as slow as GRUB to decrypt your disk, and if you wanted to you could avoid entering your disk encryption password twice by either putting the key into the second (encrypted) initramfs (although this has security implications for LUKS2 because it makes the key accessible from userspace) or possibly using kexec handover (which I'm not sure how to do, or if it would require kernel modifications, but that is a thing)

@theesm omg yes I bet @jfred is also interested
