On Wed, Dec 21, 2022 at 12:53:05PM +0100, Vitaly Zaitsev via devel wrote:
On 21/12/2022 12:38, Daniel P. Berrangé wrote:
> Why shouldn't FAT be used for /boot. In an EFI world, /boot
> is used for the same functional pupose as the ESP, which is
> already going to use FAT.
Doesn't support links, lournaling and ACLs.
Everyone can do whatever they want with the files, and a trivial power
outage can easily wipe out all of its contents.
> Such drivers would need to be signed to be used
> under SecureBoot, thus expanding the set of components you
> need to audit & trust for security purposes.
These drivers are backports from the grub2 code. If we trust GRUB, we can
trust them too.
Historically we decided to trust Grub because we had little other
practical choice. We shouldn't neccessarily need to continue that,
as it would be beneficial to have less complex code needing to be
trusted in the boot path.
With regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|