On Thu, Oct 24, 2019 at 11:57 PM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
>
> On Thursday 24 October 2019 23:46:43 Chris Murphy wrote:
> > So that leads me to, what about FAT? i.e. how does this get solved on FAT?
>
> Hi Chris! I think that for FAT in most cases it used ostrich algorithm.
> Probability that kernel crashes in the middle of operation which is
> updating kernel image on boot partition is very low.
>
> I'm looking at grub's fat source code and there is no handling of dirty
> bit... http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/fs/fat.c
> It just expects that whole FAT fs is in consistent state.

I can't estimate how likely the same situation is for typical UEFI firmware. But many follow TianoCore and if TianoCore is being overly optimistic, now what?

So then I think of ugly but effective things, just like ChromeOS, where we have two mirrored ESPs, and create a faux dirty bit with a hidden file /.dirty or some ugly crap and hope to some deity that we could get agreement among bootloader developers to prefer the ESP without that file. File gets set, do all the modifications, and only once fsync() exits 0, remove the /.dirty file? I mean...that's crazy, isn't it?

--
Chris Murphy
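
The marker-file sequence described in the message above, sketched as an added example; it is not code from the thread, GRUB, TianoCore or ChromeOS. Only the `.dirty` name comes from the message: the function names, the mount-point arguments and the bootloader-side `pick_esp` selection are assumptions made for illustration.

```python
import os

MARKER = ".dirty"  # marker name from the message; all other names are assumed


def _fsync_dir(path):
    # Flush the directory entry changes (file created/removed) to disk.
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)


def _write_synced(path, data):
    # Write a file and only return once fsync() has succeeded on it.
    with open(path, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())


def update_esp(esp_root, files):
    """Update one ESP mirror. files maps a relative name to its new bytes.

    Any exception (failed write or fsync) leaves the marker in place,
    so the mirror stays flagged as possibly inconsistent.
    """
    marker = os.path.join(esp_root, MARKER)
    _write_synced(marker, b"")
    _fsync_dir(esp_root)  # marker must be durable before anything changes
    for name, data in files.items():
        _write_synced(os.path.join(esp_root, name), data)
    _fsync_dir(esp_root)
    os.unlink(marker)     # reached only if every write and fsync succeeded
    _fsync_dir(esp_root)


def pick_esp(candidates):
    """Bootloader-side choice: first mirror without the marker, else None."""
    for root in candidates:
        if not os.path.exists(os.path.join(root, MARKER)):
            return root
    return None
```

Updating the mirrors one after the other, never both at once, is what keeps at least one of them free of the marker if the machine dies mid-update.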