On 22/12/2022 21:18, Chris Murphy wrote:
> XBOOTLDR in practice needs to be FAT. I don't like it. But I like it
> better than choosing batshit as the alternative, and having a bunch of
> signed efifs drivers on the ESP per distro sounds like batshit to me.
> And not in the good way.

I don't think so. XBOOTLDR on FAT32 should be rejected as defective by
design due to FAT32 unreliability.

> It's harder to fix this problem if XBOOTLDR is not FAT. efifs drivers
> need to be Secure Boot signed just like the bootloader. The firmware
> already trusts its built-in FAT driver, for better or worse, so what is
> the exact problem with just using that so we don't have to deal with
> UEFI SB signing efifs drivers, and the much harder job of expecting
> every distro to include signed efifs drivers *on the ESP* for multiboot
> to work?

Who are we to make decisions for other Linux distributions? Every
distribution can use whatever they want.
I doubt that Fedora's shim+grub2 can boot Ubuntu kernels in Secure Boot
mode and vice versa.
--
Sincerely,
Vitaly Zaitsev (vitaly(a)easycoding.org)