On Mi, 27.07.22 17:01, Chris Murphy (lists(a)colorremedies.com) wrote:
> On Wed, Jul 27, 2022, at 4:30 PM, Lennart Poettering wrote:
> > So, let's say you want to make sd-boot be able to access a legacy ext4
> > /boot/ fs. First, fix the GPT partition type of that /boot/ partition
> > to be the XBOOTLDR one (so that sd-boot can recognize it; currently
> > fedora for some reason marks it as "generic Linux partition"). Then
> > take the ext4 uefi driver from the project above, sign it as you sign
> > every EFI binary, and drop it into the /EFI/systemd/drivers/ directory
> > on the ESP. This is all you need to do, as sd-boot looks into that
> > dir, and automatically loads all drivers found there.
>
> Works for single distro installation, sure. But the intent and
> promise of BLS is distro interoperability with a shared $BOOT among
> multiple distros.
>
> If the additional barrier to adoption that Fedora imposes is that
> every distro needs to also include signed efifs ext4 in order to
> read $BOOT, I think it's too much.

I do not follow that logic. First of all, if they can sign grub or
sd-boot they should be able to sign efifs too. Secondly, they could
just embed the relevant efifs driver in the sd-boot binary, and sign
the result (see other mail). Hence, you build two binaries. Make one
of them. Sign one binary.
Lennart
--
Lennart Poettering, Berlin
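
Two preconditions from the procedure quoted above can be checked offline. The following is an added example, not code from this thread or from systemd: it decodes a GPT partition entry to tell an XBOOTLDR-typed /boot from a "generic Linux" one, and filters driver file names to those ending in the architecture suffix that sd-boot loads. The sample entry, the file names and all function names are constructed for illustration, and signature verification is not covered.

```python
import struct
import uuid

# Well-known GPT partition type GUIDs (UEFI / Discoverable Partitions Spec).
TYPES = {
    uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b"): "esp",
    uuid.UUID("bc13c2ff-59e6-4262-a352-b275fd6f7172"): "xbootldr",
    uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4"): "linux-generic",
}

def parse_entry(entry: bytes) -> dict:
    """Decode one 128-byte GPT partition entry."""
    if len(entry) < 128:
        raise ValueError("GPT partition entry is 128 bytes")
    type_guid = uuid.UUID(bytes_le=entry[0:16])  # GUIDs are stored mixed-endian
    first_lba, last_lba = struct.unpack_from("<QQ", entry, 32)
    name = entry[56:128].decode("utf-16-le").rstrip("\x00")
    return {"type": TYPES.get(type_guid, str(type_guid)),
            "first_lba": first_lba, "last_lba": last_lba, "name": name}

def boot_partition_finding(entry: bytes) -> str:
    """Say whether the entry needs retyping before sd-boot can use it."""
    info = parse_entry(entry)
    if info["type"] == "xbootldr":
        return "ok: typed as XBOOTLDR"
    if info["type"] == "linux-generic":
        return "retype: generic Linux partition, not recognized as XBOOTLDR"
    return "unexpected type: " + info["type"]

def loadable_drivers(names, arch="x64"):
    """Names in /EFI/systemd/drivers/ that end in <arch>.efi."""
    return sorted(n for n in names if n.lower().endswith(arch + ".efi"))

def make_entry(type_guid: str, name: str) -> bytes:
    """Build a constructed sample entry (unique GUID and LBAs are made up)."""
    raw = uuid.UUID(type_guid).bytes_le + uuid.UUID(int=1).bytes_le
    raw += struct.pack("<QQQ", 2048, 2099199, 0)
    return raw + name.encode("utf-16-le").ljust(72, b"\x00")

if __name__ == "__main__":
    legacy = make_entry("0fc63daf-8483-4772-8e79-3d69d8477de4", "boot")
    print(boot_partition_finding(legacy))
    print(loadable_drivers(["ext4_x64.efi", "ext4_aa64.efi", "README"]))
```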