Draft: Is there some change upstream would like to see merged?

I would gladly see brought over the new functions organization, because it makes way easier to add support for new file systems, new bootmodes, new volumes, new buildmodes.

It still includes code which may be preferable to move to user scripts or to a separate package but I think I am near for a complete merge.

Complete features:

• Almost complete code overhaul
  • more modular, more easily structured, more easily extendable;
  • no code redundancy;
  • there are almost no lines over 60 characters;
  • the code is now split in sections and every function is documented;
  • backup gitlab.com CI;
• LUKS file system support;
• dongle buildmode, to produce a secure setup when no write-once devices but two writable devices are available, which is what is common nowadays;
• emergency single device boot from root file system clone on dongle encrypted recovery partition;
• seamless support (both BIOS and UEFI) for loading initrd and kernel from progressively less secure sources, in the order:
  • encrypted dongle boot partition
  • dongle encrypted recovery partition
  • unencrypted ISO9660 file system on the dongle ISO
  • encrypted boot partition on the install media ISO
  • unencrypted ISO9660 file system on the install media ISO
• optional boot passphrase;
• optional persistent storage passphrase.

Chain of trust is guaranteed up to dongle boot loader when booting from a safe dongle.

Features with included incomplete branches

• ext4+raid+luks and erofs+raid+luks image type to be able to read the root file system from multiple sources;
• btrfs image type to have a compressed file system for read-write partitions.
• runtime user partition creation.