On Wed, Dec 21, 2022 at 12:53:05PM +0100, Vitaly Zaitsev via devel wrote: > On 21/12/2022 12:38, Daniel P. Berrangé wrote: > > Why shouldn't FAT be used for /boot. In an EFI world, /boot > > is used for the same functional pupose as the ESP, which is > > already going to use FAT. > > Doesn't support links, lournaling and ACLs. > > Everyone can do whatever they want with the files, and a trivial power > outage can easily wipe out all of its contents. > > > Such drivers would need to be signed to be used > > under SecureBoot, thus expanding the set of components you > > need to audit & trust for security purposes. > > These drivers are backports from the grub2 code. If we trust GRUB, we can > trust them too. Historically we decided to trust Grub because we had little other practical choice. We shouldn't neccessarily need to continue that, as it would be beneficial to have less complex code needing to be trusted in the boot path. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
