#nixos-aarch64 on 2019-04-13

2018-09-23 16:56 gchristensen changed the topic of #nixos-aarch64 to: Get access to the NixOS Community aarch64 build box: https://github.com/nix-community/aarch64-build-box ... todo: https://hydra.nixos.org/jobset/nixpkgs/trunk#tabs-jobs build box status: https://monitoring.nix.ci/d/hkRCcV0mk/instance-metrics?var-instance=aarch64.nixos.community&orgId=1

00:04 alex_giusi_tiri has joined #nixos-aarch64

00:19 alunduil has quit [Ping timeout: 268 seconds]

00:22 alunduil has joined #nixos-aarch64

00:26 alunduil has quit [Max SendQ exceeded]

00:29 alunduil has joined #nixos-aarch64

00:32 alunduil has quit [Max SendQ exceeded]

00:40 alunduil has joined #nixos-aarch64

01:09 st4ll1 has quit [Quit: ZNC 1.7.1 - https://znc.in]

01:09 st4ll1 has joined #nixos-aarch64

01:14 st4ll1 has quit [Client Quit]

01:17 st4ll1 has joined #nixos-aarch64

01:36 st4ll1 has quit [Quit: ZNC 1.7.1 - https://znc.in]

01:36 st4ll1 has joined #nixos-aarch64

01:42 st4ll1 has quit [Quit: ZNC 1.7.1 - https://znc.in]

01:42 st4ll1 has joined #nixos-aarch64

01:57 st4ll1 has quit [Quit: ZNC 1.7.1 - https://znc.in]

01:57 st4ll1 has joined #nixos-aarch64

02:07 st4ll1 has quit [Quit: ZNC 1.7.1 - https://znc.in]

02:07 st4ll1 has joined #nixos-aarch64

03:15 st4ll1 has quit [Quit: ZNC 1.7.1 - https://znc.in]

03:16 st4ll1 has joined #nixos-aarch64

03:57 st4ll1 has quit [Quit: ZNC 1.7.1 - https://znc.in]

03:57 st4ll1 has joined #nixos-aarch64

05:10 alex_giusi_tiri has left #nixos-aarch64 [#nixos-aarch64]

07:37 zupo has joined #nixos-aarch64

07:44 zupo has quit [Ping timeout: 264 seconds]

07:45 duncan^ has quit [Ping timeout: 252 seconds]

07:47 duncan^ has joined #nixos-aarch64

08:00 orivej has joined #nixos-aarch64

08:05 pxc has quit [Ping timeout: 240 seconds]

09:20 <mthst> is it possible to have full disk encryption on an RPi 3?

09:21 <sphalerite> mthst: depends on how full "full" is :)

09:23 <sphalerite> mthst: you can have a LUKSed root filesystem like on most devices, but I think /boot needs to be unencrypted

09:24 <sphalerite> that would be enough for your data not to be accessible if someone steals the pi or the SD card though.

09:25 <mthst> sphalerite: i disabled the use of the /boot partition as described here https://nixos.wiki/wiki/NixOS_on_ARM#Disable_use_of_.2Fboot_partition

09:26 <mthst> that would be good enough for me

09:27 <sphalerite> I don't know how to actually do this without an installer system booted though

09:28 <mthst> i don't understand

10:15 orivej has quit [Quit: No Ping reply in 180 seconds.]

10:17 orivej has joined #nixos-aarch64

10:24 orivej_ has joined #nixos-aarch64

10:25 orivej has quit [Ping timeout: 268 seconds]

10:36 orivej_ has quit [Quit: No Ping reply in 180 seconds.]

10:37 orivej has joined #nixos-aarch64

11:38 <clever> mthst: such changes have to be done when the OS isnt booted, and you then run nixos-install

11:38 <clever> youll probably want a 2nd SD card in a usb reader, and install to that, then swap and boot

11:54 <mthst> clever: oh, got it.

11:55 <mthst> but according to wikipedia the RPi 3 can boot from usb

11:55 <duncan^> it needs something on sd card though I think?

11:56 <duncan^> to read the boot blob for the video or something is what I recall

11:57 <mthst> video??

11:59 zupo has joined #nixos-aarch64

11:59 <sphalerite> because the raspi has a really weird architecture where the GPU brings up the CPU rather than the other way round

11:59 <sphalerite> iirc

11:59 <sphalerite> clever knows these things

12:01 <mthst> oh, yes i've read this somewhere

12:14 <mthst> according to this https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/msd.md

12:14 <mthst> you can boot to usb without an sd card

12:15 <mthst> but you have to "set the usb boot bit in one-time programmable memory"

12:15 <mthst> first

12:19 <clever> yep

12:19 <mthst> how do you do it on NixOS?

12:20 <clever> same as every other distro

12:20 <clever> set a field in config.txt and reboot

12:22 <mthst> who reads the config.txt?

12:22 <mthst> and when?

12:23 <clever> the gpu firmware, as it boots

12:24 zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

12:24 <mthst> i can't change it back if i set the bit, right? are there any drawbacks?

12:25 <clever> i think it also enables netboot

12:25 zupo has joined #nixos-aarch64

12:26 <clever> if an attacker is on your ethernet he could boot his own thing on the pi, if the sd and usb is missing

12:29 <mthst> i see

12:30 <mthst> can nixos-install to an iso?

12:30 <mthst> and then i can dd it back to the sd

12:31 <clever> not sure

12:44 zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

13:03 <mthst> what about https://nixos.wiki/wiki/ARM#Build_your_own_image would that work?

13:05 zupo has joined #nixos-aarch64

13:30 Thra11 has joined #nixos-aarch64

13:33 zupo_ has joined #nixos-aarch64

13:36 zupo has quit [Ping timeout: 264 seconds]

13:45 zupo_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

13:50 Thra11 has quit [Ping timeout: 250 seconds]

14:27 orivej has quit [Quit: No Ping reply in 180 seconds.]

14:29 orivej has joined #nixos-aarch64

14:54 orivej has quit [Quit: No Ping reply in 180 seconds.]

14:55 orivej has joined #nixos-aarch64

15:07 orivej has quit [Remote host closed the connection]

15:08 orivej has joined #nixos-aarch64

16:45 zupo has joined #nixos-aarch64

18:59 pxc has joined #nixos-aarch64

19:07 pxc has quit [Ping timeout: 250 seconds]

19:23 orivej has quit [Quit: No Ping reply in 180 seconds.]

19:24 orivej has joined #nixos-aarch64

19:29 orivej has quit [Quit: No Ping reply in 180 seconds.]

19:31 orivej has joined #nixos-aarch64

19:50 pxc has joined #nixos-aarch64

20:09 zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

20:11 zupo has joined #nixos-aarch64

21:16 pxc has quit [Ping timeout: 250 seconds]

21:40 pxc has joined #nixos-aarch64

22:59 zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]