On Monday, July 6, 2020 5:24:32 AM MST Gerd Hoffmann wrote: > Default fedora disk layout in UEFI mode is partitions for ESP, /boot and > LVM. If you ask for full disk encryption LVM is encrypted, ESP + boot > are not. Which makes sense to me. Why would you encrypt /boot? The > files you can find there are public anyway, you can download them from > the fedora servers. Encrypting /boot would make the boot process more > fragile for no benefit. I guess that shows how unfamiliar I am with UEFI boot Fedora. You would encrypt /boot to ensure that your boot images have not been tampered with, or config files haven't been read by somebody other than the end user. > sd-boot still wouldn't work out-of-the-box though, due to /boot being > xfs not vfat and firmware typically not shipping with xfs drivers. If I'm not mistaken, XFS is the default used on RHEL, but ext4 is still used for /boot in Fedora, by default. > We could that by using vfat for /boot. Or by shipping & using xfs.efi, > simliar to how apple ships & uses apfs.efi to boot macOS from apfs > filesystems. Is there a notable benefit to using that over GRUB2, which already has support on both UEFI and BIOS? -- John M. Harris, Jr. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
