On Tue, Jan 21, 2020 at 12:57:50AM +0000, Matthew Garrett wrote:
a) Stick the config in UEFI variables. It's small enough that we
wouldn't run out.
b) Extend grub to read some config files and synthesise an initramfs
image for them. If we measure the paths that those images use then
we don't need to worry about the contents as long as the tools that
read the config can't be subverted via that configuration.
I think a problem with (a) is that it won't work for disk images if
part of it is tied to the hardware, everything needs to be on the
image. So (b) has my vote for now.
--
Brian C. Lane (PST8PDT) - weldr.io - lorax - parted - pykickstart