On Fr, 23.12.22 09:01, Fedora Development ML (devel@xxxxxxxxxxxxxxxxxxxxxxx) wrote:

> On 22/12/2022 21:18, Chris Murphy wrote:
> > XBOOTLDR in practice needs to be FAT. I don't like it. But I like
> > it better than choosing batshit as the alternative, and having a
> > bunch of signed efifs drivers on the ESP per distro sounds like
> > batshit to me. And not in the good way.
>
> I don't think so. XBOOTLDR on FAT32 should be rejected as defective by
> design due to FAT32 unreliability.

It's not the best file system if you intend to do random access writes all the time. But if you don't do that, restrict your write patterns to a certain reasonably safe subset, and ensure that you keep the file system unmounted most of the time then it should be OK.

I mean, UEFI effectively mandates FAT for one partition (i.e. the ESP), you can't avoid it. And at the bare minimum the boot loader is stored in the ESP, and you need to update that as regularly as any other software package, hence it's illusionary that you could avoid regular write patterns onto FAT if you just make XBOOTLDR something non-FAT.

> I doubt that Fedora's shim+grub2 can boot Ubuntu kernels in Secure Boot mode
> and vice versa.

After enrolling the Ubuntu key via mokutil that should be fine.

Sure, if you have the shim belonging to distro X then this means only kernels of distro X can be just booted, since only X's certificate will be built-in. But once you enroll other certs things should be fine.
Lennart

--
Lennart Poettering, Berlin