On Wed, 2025-11-12 at 09:44 -0700, Simon Glass wrote:
[...] Ideally Linux would boot so fast from the moment you press enter to the prompt of the initrd it shouldn't take much longer than the u-boot prompt itself ;) For such special use cases the initrd could be quite minimal and included in the kernel of course.
By the time you get to Linux you can't go back and try another OS if the key is wrong....
Sure but then is this optimization really worth the effort? :-)
Grub was lagging behind with features. Even when LUKS2 support arrived it lacked Argon2. So someone always has to keep up with changes on the Linux side. Then one had to enter the passphrase twice. Once in grub and then again in the bootloader. To avoid that some key handover protocol had to be created.
Thanks for the info. From my limited view, it seems that Grub is not really suitable for the kind of active development that is needed to keep up with the world. As to entering it twice, I thought Grub was the bootloader? Do you mean that it needs to pass the key to Linux?
Hmm, yes? :-) Maybe we are talking about different setups. To clarify, I suppose the rootfs etc. is inside an encrypted volume too. So even if it's the same volume as the one u-boot opened, Linux still needs to set up device mapper with dmcrypt itself to be able to mount the rootfs, right?

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   Siemens AG / SI E R&D IOT
 V_/_  www.siemens.com