Hi,
* Enhance parted/libparted to support arbitrary GUIDs and enhance
blivet to understand the full listing of GUIDs? Or
parted is done, blivet still todo.
https://bugzilla.redhat.com/show_bug.cgi?id=1075288#c7
the CLI tool seems not to support it but maybe fdisk does.
sfdisk supports it. The workaround mentioned in the change page looks
like this:
# setup discoverable partitions
/usr/sbin/sfdisk --part-type /dev/sda 3 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 # Linux root
(x86-64)
> * Add proper systemd-boot support to installers.
Great. The gotcha though is this in effect requires a change in the
file system currently mounted at /boot, which is ext4. And ext4 isn't
supported by sd-boot or UEFI firmware. So if you're going to support
sd-boot, the installer needs to be aware that either the ESP is big
enough to be used as /boot, or if it's not big enough then it will be
mounted on /efi *and* a new partition XBOOTLDR formatted as FAT will
be used as /boot.
Well, for the virtual machine use case isn't a problem, you can just
make the ESP big enough and even drop the separate /boot filesystem
then.
For the general case we need some other option. Could be just stick to
grub2 for those cases (we'll continue to need grub2 anyway for bios boot
and ppc64le). Or drop an ext4 driver to /boot/efi/EFI/systemd/drivers,
for example this one:
https://github.com/tianocore/edk2-platforms/tree/master/Features/Ext4Pkg
> * Better secure boot support (specifically the initrd is covered
by
> the signature).
We need to solve the glaring hole that is the initrd. There's no
question about it. I can't really assess if this feature is the best
way to do that. Or if it would be adequate for dracut to self-sign
every locally generated initrd with a unique key pair and throw away
the private key after each initrd is generated.
The private key management problem unfortunately isn't solved that
easily ...
When using distro signatures you don't have the key management problem
in the first place.
Or if we could do enough strict standardization in the boot chain
with
a possibly larger kernel to avoid needing an initrd, i.e. get to
sysroot mount faster thereby obviating the need for a large initrd.
The initrd does more than carrying drivers. Finding the root filesystem
for example. The kernel's builtin feaure set for root= is small
compared to what a dracut initrd is able to do.
take care,
Gerd