Multibooting UX, how well it ought to work

Chris Murphy lists at colorremedies.com
Tue Jul 1 18:44:24 UTC 2014 

On Jul 1, 2014, at 12:35 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:

> On Mon, Jun 30, 2014 at 10:35:17PM -0600, Chris Murphy wrote:
>> 
>> On Jun 30, 2014, at 4:20 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
>> 
>>> On Mon, Jun 30, 2014 at 03:09:01PM -0600, Chris Murphy wrote:
>>> 
>>>> Ok for long term. In the next two weeks before freeze is it possible 
>>>> to modify the grub2-efi package spec file GRUB_MODULES= so that the 
>>>> grux64.efi has xnu, xnu_uuid, xnu_uuid_test modules baked in? That 
>>>> would fix the main problem in bug 893179 so that the first two OS X 
>>>> entries would then have a chance of working.
>>> 
>>> Not unless somebody writes signature checking support for them, no.
>> 
>> Ahh. So without that, it'd be possible to execute arbitrary code masquerading as xnu on a Secure Boot system?
> 
> Yeah. One option would be to just disable the code if secure boot is 
> enabled - Macs don't implement it, so that would be fine for basically 
> every real world case. But I'd still prefer to chain the Apple 
> bootloader rather than fiddling with XNU.

I'd say until there's a replacement for os-prober's functionality that can also recognize encrypted OS X installs, and grub2-mkconfig creates OS X boot entries using chainloader rather than xnu modules, the simplest solution is anaconda adding DISABLE_OS_PROBER="True" to /etc/default/grub on Macs.

Upstream's solution mystifies me, it's been broken for ~2 years at least, and while it ought to be working now in GRUB 2.02, it's at the whim of Apple's future kernel changes. So not only is it a maintenance hassle, but it also can't boot encrypted OS X installs. I just tested chainloading the Apple bootloader from GRUB on an encrypted OS X installation and it works.

I'm going to guess a significant minority, if not majority, of OS X users who also install Fedora, are using encrypted OS X installations. Because os-prober doesn't search Apple Boot partition types, and can't read encrypted Core Storage partitions, OS X boot entries aren't created at all for encrypted OS X installs. So we already have a relatively common scenario where there aren't OS X boot entries. So I still think suppressing os-prober on Macs is a better outcome than unencrypted OS X installs having a GRUB menu with four non-working boot menu entries, it also makes the GRUB menu consistent whether the OS X install is encrypted or not.

Chris Murphy

More information about the desktop mailing list