Multibooting UX, how well it ought to work
Chris Murphy
lists at colorremedies.com
Tue Jul 1 18:44:24 UTC 2014
On Jul 1, 2014, at 12:35 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> On Mon, Jun 30, 2014 at 10:35:17PM -0600, Chris Murphy wrote:
>>
>> On Jun 30, 2014, at 4:20 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
>>
>>> On Mon, Jun 30, 2014 at 03:09:01PM -0600, Chris Murphy wrote:
>>>
>>>> Ok for long term. In the next two weeks before freeze is it possible
>>>> to modify the grub2-efi package spec file GRUB_MODULES= so that the
>>>> grubx64.efi has xnu, xnu_uuid, xnu_uuid_test modules baked in? That
>>>> would fix the main problem in bug 893179 so that the first two OS X
>>>> entries would then have a chance of working.
>>>
>>> Not unless somebody writes signature checking support for them, no.
>>
>> Ahh. So without that, it'd be possible to execute arbitrary code masquerading as xnu on a Secure Boot system?
>
> Yeah. One option would be to just disable the code if secure boot is
> enabled - Macs don't implement it, so that would be fine for basically
> every real world case. But I'd still prefer to chain the Apple
> bootloader rather than fiddling with XNU.

I'd say until there's a replacement for os-prober's functionality that can also recognize encrypted OS X installs, and grub2-mkconfig creates OS X boot entries using chainloader rather than xnu modules, the simplest solution is anaconda adding DISABLE_OS_PROBER="True" to /etc/default/grub on Macs.

Upstream's solution mystifies me. It's been broken for ~2 years at least, and while it ought to be working now in GRUB 2.02, it's at the whim of Apple's future kernel changes. So not only is it a maintenance hassle, but it also can't boot encrypted OS X installs. I just tested chainloading the Apple bootloader from GRUB on an encrypted OS X installation and it works.

I'm going to guess a significant minority, if not a majority, of OS X users who also install Fedora are using encrypted OS X installations. Because os-prober doesn't search Apple Boot partition types, and can't read encrypted Core Storage partitions, OS X boot entries aren't created at all for encrypted OS X installs. So we already have a relatively common scenario where there aren't OS X boot entries. So I still think suppressing os-prober on Macs is a better outcome than unencrypted OS X installs having a GRUB menu with four non-working boot menu entries. It also makes the GRUB menu consistent whether the OS X install is encrypted or not.

Chris Murphy