On Wed, Jul 27, 2022 at 17:37 Chris Murphy <lists@colorremedies.com> wrote:


On Wed, Jul 27, 2022, at 5:07 PM, Lennart Poettering wrote:
> On Mi, 27.07.22 17:01, Chris Murphy (lists@colorremedies.com) wrote:
> 65;6800;1c

>> If the additional barrier to adoption that Fedora imposes is that
>> every distro needs to also include signed efifs ext4 in order to
>> read $BOOT, I think it's too much.
>
> I do not follow that logic. First of all, if they can sign grub or
> sd-boot they should be able to sign efifs too. Secondly, they could
> just embedd the relevant efifs driver in the sd-boot binary, and sign
> the result (see other mail). Hence, you build two binaries. Make one
> of them. Sign one binary.

Sure. But all the distros need to support and build efifs drivers in order to support at least common $BOOT file systems across all of Linux, if they're really truly committed to BLS, if not arbitrary file systems.

There's at least ext4, XFS, Btrfs widely used as $BOOT by default these days. But more when looking at what distro installers allow /boot to be: f2fs, ZFS, LUKS, LVM... 

Seems like a Pandora's box to me.

But isn’t what you are outlining an existing Pandora’s box you are going to have to deal with? All those systems are existing already and will be in place. Telling all couple hundred thousand dual boosters you have to reformat a partition to play with the new thing is also a high bar to deal with. 

There is also going to be issues where various windows software is going to see this mountable partition and play with it. Going from past experience every anti virus will freak out at least once a month over seeing Linux executables on a fat partition and quarantine them. 


Yes your system is easier to deal with but it is still not as simple as it seems to be seen. It is going to be painful in new ways





--
Chris Murphy
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren