On Mi, 21.12.22 12:35, Neal Gompa (ngompa13(a)gmail.com) wrote:
> And similar for server/embedded stuff. If fedora wants to be deployed
> in such worlds, it's kinda nice if we can automatically recover from
> hosed updates.
>
> None of those things require us to write data to /boot. Even in your
> model, if you *must* write to a filesystem, the counters can live on
> the ESP even if all the system-installed content exists in /boot. I'm
> sure you could envision a simple file in the ESP for that. None of
> that is permanent configuration, just transient stuff.

I don't follow your thinking at all. On one hand you want /boot/ to be
ext4, supposedly for data safety reasons. But you don't want writes
from pre-boot environment to go there. You are fine if pre-boot writes
to ESP (i.e. VFAT) however for boot counting.

So, ESP is more important for booting than /boot/ (simply because a
hosed kernel doesn't matter, if you have another — a hosed boot loader
is much more problematic however since you typically have no other),
hence if anything you should be more concerned about writes there than
on /boot.

If you accept that writes to the ESP/VFAT are actually OK, then I
think it's just a minor step to say that /boot/ as VFAT is also OK
given these writes are more seldom, are done from the safer OS
environment, and can be tightly controlled.

Lennart
-- 
Lennart Poettering, Berlin