On Wed, Dec 21, 2022, at 6:22 AM, Vitaly Zaitsev via devel wrote: > On 20/12/2022 19:56, Chris Murphy wrote: >> Great. The gotcha though is this in effect requires a change in the file system currently mounted at /boot, which is ext4. And ext4 isn't supported by sd-boot or UEFI firmware. So if you're going to support sd-boot, the installer needs to be aware that either the ESP is big enough to be used as /boot, or if it's not big enough then it will be mounted on /efi*and* a new partition XBOOTLDR formatted as FAT will be used as /boot. > > Nobody should use FAT for /boot. efifs[1] should be used instead. > > systemd-boot can load these drivers from ESP out of the box[2]. The founding principle in Boot Loader Spec is that multiboot between Linux distros sucks. The cooperation between distros, is shit. And BLS strives to present an opportunity to compromise and fix that problem. It's harder to fix this problem if XBOOTLDR is not FAT. efifs drivers need to be Secure Boot signed just like the bootloader. The firmware already trusts its built-in FAT driver, for better or worse, so what is the exact problem with just using that so we don't have to deal with UEFI SB signing efifs drivers, and the much harder job of expecting every distro to include signed efifs drivers *on the ESP* for multiboot to work? If /boot is ext4, then every Linux distro must include a signed ext4 efifs driver in order to properly render the boot menu. But what if (open)SUSE doesn't want to use ext4, they want Btrfs? Compromise dictates that every distro now needs to provide a signed btrfs efifs driver too. OK Red Hat uses XFS for boot, so now every distro needs to include ext4, btrfs, and XFS signed efifs drivers with every installation. It's explosively more complicated to implement let alone to agree upon than just use the one driver we know everyone has and can use. XBOOTLDR in practice needs to be FAT. I don't like it. But I like it better than choosing batshit as the alternative, and having a bunch of signed efifs drivers on the ESP per distro sounds like batshit to me. And not in the good way. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
