There was a session on running guix on weird computers during this years Guix Days, and five people brought their purple colored MNT Pocket Reform laptops with them, which proves two things in my book:
- that purple undoubtedly is the best color! (all cool tech is purple, the gameboy advance, gamecube, the pocket reform!)
- … and that there's definitely growing interest in running Guix System on aarch64 machines (such as MNT laptops).
more than a week ago I wrote a post on how to install and run Guix System on the rk3588 pocket reform , so let's write another one and focus on what's still missing and what could be improved, to make running Guix System on these machines as easy as possible.
Status Overview TLDR Thingy(TM)
I had a status table living in my denote Zettelkasten for a while now to keep track the rk3588 pocket reform guix system efforts, this is a slightly modified version of it:
| Component | Description | Upstreamable in Guix | Available in Guix Proper | Issues | Workaround |
|---|---|---|---|---|---|
| Barebones Image | System Image for MNT Laptops | yes | not yet, but a PR for inclusion has been made. | FBCON rotation doesn't work yet | |
| Kernel | Kernel with Patches for MNT Laptops | yes | yes, as linux-libre-arm64-mnt-reform | FBCON specific options required for rotation and font size on framebuffer console aren't enable yet | |
| reform2-lpc | DKMS module for system controller interaction | yes | yes, as reform2-lpc-module | ||
| rk3588 u-boot | Bootloader without display support | no (DDR training binary is proprietary) | no | no display support, therefore no good way to select previous system generations/entries | use stock u-boot as long as we can't upstream it |
| rk3588 barebox | Bootloader with display support | no (same as u-boot) | no | not available yet | use stock u-boot |
| WiFi | Atheros QCNFA335 and QCNFA222 seem to be the only supported options for M2 | yes | yes | WiFi options sold by MNT aren't libre | requires Headset/Switch Board 2.0, USB tethering via phone or USB wifi is possible |
| Ethernet | Untested | ? | ? | I don't have an ix ethernet adapter, so I can't test this. | |
| FDE | Full Disk Encryption | maybe? | no | no display output, if I got this right also currently not possible with current bootloader subsystem on non-grub bootloaders? | encrypted /home partition should work |
| reform-tools | tooling package, contains hw-setup script | yes | no | not packaged yet |
Recap
As a recap of my last post, we're able to run Guix System on a MNT Pocket Reform laptop, if we ignore that:
- u-boot has to be stock and has to be already present on EMMC as we can't ship rk3588 u-boot in guix just yet.
- all WiFi options offered by MNT aren't supported in linux-libre (but there are other options!)
- there's currently not a feasible way to use full disk encryption.
I think the current state is a prime example of the Pareto principle, as there's not really that much missing, even though it's difficult to make an educated guess on a timeframe when some of the things missing can be resolved.
I'd love to see parity in functionality to the stock system images by MNT for Guix System on the reform laptops and think that it's probably achievable.
1. What's Already Available In Guix Proper
Let's start with excellent news: everything to bring up a rk3588 pocket reform laptop (within the aforementioned limitations) is already there!
-
a
linux-libre-arm64-mnt-reformkernel variant (upstreamed by Vagrant). -
the
reform2-lpc-moduleDKMS module for reading battery status and shutting down the reform properly from userspace (upstreamed by Arjan). -
a generic
u-bootpackage that works well enough to generate anextlinux.confthat can be consumed by the u-boot variant the pocket reform is shipped with.
2. Things On Their Way To Guix Proper
A barebones system image definition good enough to bring up Guix System when flashed to an microSD card has been suggested as a PR for inclusion in guix proper by me. This means, that, as soon as this is merged, CI would pick up building bootable images that can be written to microSD.
3. What's Still Missing And Can Possibly Be Upstreamed
FBCON Options Enablement (Rotation etc.)
A PR to add the relevant kernel config options to enable rotation of the framebuffer console to the pocket reform kernel variants could be created. I saw the rotation issue being resolved on some devices during Guix Days, but forgot to ask which options were chosen to do this.
rk3588 U-Boot As Soon As Its Bootchain Is Fully Libre
As soon as the proprietary DDR training blob can be replaced for the rk3588 we'd be able to upstream a device-specific u-boot package. I don't know if there currently are any efforts on freeing the DDR training blob or what the progress is on this, for the time being that would remain the only blocker.
reform-tools
There's currently not a package for the
reform-tools
in guix and not
a service for the
reform-hw-setup
shell script. I've been meaning to
replace said shell script with a proper shepherd service covering the
same functionality (right now my service calls the upstream script,
but it could be guile & gexp all the way).
4. What's Currently Still Unsupported
Full Disk Encryption
There's currently not a possible way to have full disk encryption with this setup. However, using an encrypted home partition is possible and may be good enough, even though I strongly prefer being able to use FDE. There's a draft GCD on rewriting the Bootloader Subsystem to be less GRUB centric, that would maybe also allow tackling these issues easier.
The best case would be, to, instead of typing my LUKS password twice twice (sic!), be able to use a keyfile to decrypt. And, if not using a keyfile, to be actually able to see the password prompt and wether or not unlocking has succeeded (this is also an issue on my corebooted ThinkPad x230 with a FHD panel mod, my previous laptop, that I had to blindly type my password four times as the prompt wasn't displaying on screen).
I think for now I'll experiment with encrypting my
/home
partition,
and will document my setup and the results.
Lack of FDE was seen as one of the bigger show stoppers during the Guix Days session, and I agree with that, without fully knowing what a good and possible solution could look like.
Most Available WiFi Hardware
WiFi, as almost always with any kind of modern hardware, remains to be an issue. Atheros QCNFA335 and QCNFA222 based cards will work on the Headset/Switch Board 2.0 NGFF slot, so there's at least a libre option available.
Display Support in U-Boot
There's no display support in
u-boot
, which means that, without
using a 3.3V USB-to-UART adapter hooked up to another computer,
there's not really a way to select different generations in the
bootloader menu.
The
December and January Update by MNT
states that there's been some
success with display support for
barebox
, so maybe, while not being
able to package it for guix just yet, it could be utilizied the same
way we utilize u-boot right now as a
bring your own bootloader
type
of thing. Packaging it for Guix would suffer from the same issues as
u-boot
in terms of requiring proprietary blobs during the boot
process.
5. Things I'll Hack On Next
Out of all aforementioned issues, I think I'll focus on the following things when I have time to spare:
- disk encryption, starting by figuring out a feasible encrypted
/homeset-up, working my way up to be more knowledgable about what's missing to do FDE the annoying way (typing passwords twice!). - coming up with a
hw-setupshepherd service that's not a bash script.
I'd also love to team up with people on improving support for MNT family laptops in Guix System specifically, if you want to hack on one of the mentioned things with me feel free to contact me by e-mail!