Ben Cotton <bcotton(a)redhat.com> writes:
By design, ostree does not manage bootloader updates as they can not
(yet) happen in a transactional, atomic and safe fashion.
As we've talked about before, it's not possible to make updates
transactional. It involves, per spec and depending on processor
architecture, updating multiple files in different directories,
potentially on different filesystems entirely, one of which is fat32.
* User will be able to easily update the bootloader on their system.
This will let them apply Secure Boot dbx updates that block old
bootloaders with known vulnerabilities from loading. See:
**
https://github.com/fedora-silverblue/issue-tracker/issues/355
**
https://bugzilla.redhat.com/show_bug.cgi?id=2127995
What's the plan to apply the outstanding security updates (shim, grub2,
and dbx push from June) to fedora silverblue 36 + 37 that aren't covered
by this change?
Be well,
--Robbie