On Wed, Jul 27, 2022, at 5:07 PM, Lennart Poettering wrote: > On Mi, 27.07.22 17:01, Chris Murphy (lists@xxxxxxxxxxxxxxxxx) wrote: > 65;6800;1c >> If the additional barrier to adoption that Fedora imposes is that >> every distro needs to also include signed efifs ext4 in order to >> read $BOOT, I think it's too much. > > I do not follow that logic. First of all, if they can sign grub or > sd-boot they should be able to sign efifs too. Secondly, they could > just embedd the relevant efifs driver in the sd-boot binary, and sign > the result (see other mail). Hence, you build two binaries. Make one > of them. Sign one binary. Sure. But all the distros need to support and build efifs drivers in order to support at least common $BOOT file systems across all of Linux, if they're really truly committed to BLS, if not arbitrary file systems. There's at least ext4, XFS, Btrfs widely used as $BOOT by default these days. But more when looking at what distro installers allow /boot to be: f2fs, ZFS, LUKS, LVM... Seems like a Pandora's box to me. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
