You nailed it so fast 
See, there’s no easy way out except for what you have already “mockuped” above.
And that’s why I edited my post with another “magic” option which is not so strict and blacklisting, but raises a chance for a successful boot/operation.
I don’t think that’s feasible, that’s why I suggested a separate boot option for it if we decide to go that way at some point (For example if nvidia becomes unfeasible to package)
1 Like
It just must be clear that non-free selected by default is no option. We can offer it for sure as a selection, but a regular user which hits enter should always have free drivers pre-selected. Also when the timer times out.
I mean… I really don’t understand why, but if that’s what you want…
The moment NVIDIA drivers are dropped, I will be out of here and probably go back to a Debian based distro. But again, that’s a very unlikely scenario.
4 Likes
That seems good to me ans is in accordance with what Philm said. Can you send a merge request?
1 Like
1 minute ahead of you! https://gitlab.manjaro.org/artwork/branding/grub-theme/-/merge_requests/9
Tested on a new ISO build I made on an Nvidia Optimus 
laptop with a GTX 1660ti and an Intel iGPU
4 Likes
Is this really the case? That the kernel is removing support for GRUB? That would be surprising, did you read about this somewhere that you can share with everyone here?
The grub-theme-live-common package has not been updated yet, just FYI
Yes, everyone is busy. But new iso release is coming, so it will soon be. We are also in the process of redoing the theming for it.
EDIT: updated now
As well as grub. Every distro has its custom grub scripts, which are not a part of the bootloader itself.
That is not true.
Other points are valid, however one should remember that systemd-boot is made simple intentionally. It is just a minimalistic loader for UEFI systems, no more, no less.
And yep, Linux is not moving to it, that’s nonsense.
I think we might be talking about different things. Of course systemd-boot has always supported booting encrypted root. Last I checked, systemd-boot requires kernel and initcpio to reside on the efi partition. This means that /boot will necessarily be on unencrypted partition. Has this changed? If so I’m interested in hearing more.
Yes an no at the same time.
To boot, it needs those files that are necessary for that: kernel, initramfs. But these files could be either mirrored from encrypted boot or unified into a single image. To prevent tampering, such image and loader could be signed with Secure Boot certificate.
But there is very little of interest in /boot partition besides the kernel. Mirroring it from encrypted /boot partition seems to defeat the purpose of /boot encryption.
But, since encrypting that partition is not very productive in the first place, I conceed that this technicality counts 
New user chipping in with an opinion.
Many people using Linux are using it for it’s higher confidence in lack of spying given by open source, and few to none blobs even in the more mainstream versions of the kernel as is the case here.
The nonfree drivers I see are only an issue with nvidia cards, so it would be logical to only have nonfree by default on nvidia only! (through a hardware detection mechanism)
Otherwise manjaro is in the danger of becoming the shill that is ubuntu…
I know that mainline Linux kernel favours systemd also, and it’s because of corporate backing and it’s political, but I am sure rEFInd and OpenRC from Parabola will get a lot of traction in the near future.
Guys, kep it as open source as possible! Don’t cave in to political lobby!
Yep. But that’s also true for, say, Manjaro’s grub efi located on $esp without encryption and Secure Boot signature. So anyone who has so-called “full disk encryption” is not that safe as he/she might think, and this brings us to the conclusion that such encryption is useless without bootloader and/or boot files being signed with a SB key in the first place.
This is why I mentioned “unified” images. It is a solution that makes sense to full disk encryption (with /boot files encrypted). It also prevents from attacker’s fiddling with cmdline options.
do people here seriously not read anything at all? I explained it like 30 times now that this is already how Manjaro works if you select nonfree drivers. What would the point of installing nvidia drivers on non NVIDIA hardware be? In this case you were actually on my side of the argument.
