On Tue, Oct 22, 2019, at 8:10 PM, Chris Murphy wrote:
>
> For multiple kernels, it doesn't matter if a crash happens anywhere
> from new kernel being written to FAT, through initramfs, because the
> old bootloader configuration still points to old kernel + initramfs.
> But in multiple kernel distros, the bootloader configuration needs
> modification or a new drop in scriptlet to point to the new
> kernel+initramfs pair. And that needs to be completely atomic: write
> new files to a tmp location, that way a crash won't matter. The tricky
> part is to write out the bootloader configuration change such that it
> can be an atomic operation.

Related: https://github.com/ostreedev/ostree/issues/1951

There I'm proposing to not try to fix this at the kernel/filesystem level (since we can't do much on FAT, and even on real filesystems we have the journaling-vs-bootloader issues), but instead create a protocol between things writing bootloader data and the bootloaders to help verify integrity.
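
A sketch of the writer/reader idea discussed above, added here as an illustration and not taken from this message, the linked issue, or any bootloader: the writer records digests in a manifest written last, and the reader boots only an entry whose manifest and files verify, falling back to the older one. The manifest layout, file naming, and function names are all assumptions.

```python
import hashlib
import json
import os

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _write_durably(path: str, data: bytes) -> None:
    # Temp file in the same directory, flushed, then renamed over the target.
    # The rename may not be atomic on FAT, which is why the reader verifies.
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def write_entry(boot_dir: str, version: str, files: dict) -> None:
    """Writer side: payload files first, manifest last (hypothetical format)."""
    for name, data in files.items():
        _write_durably(os.path.join(boot_dir, f"{name}-{version}"), data)
    digests = {f"{n}-{version}": _sha256(d) for n, d in files.items()}
    body = json.dumps({"version": version, "files": digests}, sort_keys=True).encode()
    # First line is the digest of the body, so a torn manifest is detectable too.
    _write_durably(os.path.join(boot_dir, f"entry-{version}.manifest"),
                   _sha256(body).encode() + b"\n" + body)

def verify_entry(boot_dir: str, version: str) -> bool:
    """Reader side: True only if the manifest and every file it lists are intact."""
    try:
        with open(os.path.join(boot_dir, f"entry-{version}.manifest"), "rb") as f:
            digest, _, body = f.read().partition(b"\n")
        if _sha256(body) != digest.decode():
            return False
        for name, want in json.loads(body)["files"].items():
            with open(os.path.join(boot_dir, name), "rb") as f:
                if _sha256(f.read()) != want:
                    return False
        return True
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return False  # missing, truncated or malformed data counts as a failed entry

def pick_entry(boot_dir: str, versions_newest_first: list):
    """Return the newest version that verifies, or None if none does."""
    return next((v for v in versions_newest_first if verify_entry(boot_dir, v)), None)
```

With this shape a crash at any point during an update leaves either a complete new entry or one that fails verification, so the reader keeps selecting the previous kernel+initramfs pair.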