On Fri, 21 Mar 2025 at 08:05, Alexander Graf <graf@xxxxxxxxxx> wrote: > > > On 21.03.25 01:26, Luca Boccassi wrote: > > On Thu, 20 Mar 2025 at 22:43, Alexander Graf <graf@xxxxxxxxxx> wrote: > >> Let's first figure out how all of this works without shim. Then we can > >> look at whether we need to and how we can extend the shim/sd-boot > >> interface to make that case work as well. Please don't start off > >> assuming everyone runs shim in secure boot environments. > > But that's a bit off topic, though - the issue Mate brought up with > > this thread is specifically with shim/16 + sd-boot + sd-stub, which is > > a bit time pressing as both Plucky and Trixie are about to go out with > > this combination that used to work, but doesn't anymore. > > Without shim there's no new issue, everything works as it always did. > > > If you read through Heinrich's reply once more, you can clearly see that > it does not. We have 2 broken cases: new shim (change of contract) and > U-Boot (dependency on PI internals). Sorry, but "not standard compliant" is really not an interesting argument per se. systemd is not posix standard compliant either, we use glibc specific APIs when they are useful and make sense to avoid reinventing things that the libc should really be in charge of maintaining. Other libcs can either implement the same interfaces, or folks interested in using them can provide and maintain compat shims. That's always been the rule around here. This really looks the same to me, EDK2 provides these APIs that are from the PI spec rather than the main one, and if they are available, we use them, because they are useful. We also already use other shim-provided protocols, that are also not from the UEFI spec. In fact we are a bit nicer than in userspace, as these are used only if available, there's no hard failure if not. Then if one day these protocols (or similar alternatives) make their way into the main spec, all the better of course, that would be great. If U-Boot doesn't provide the same interfaces that EDK2 has, and they can't be added, then double signing should work I think, IIRC we got reports that it was enough to run things on U-Boot in the past.
Re: shim 16 breaking systemd stub and next steps
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: shim 16 breaking systemd stub and next steps
- From: Luca Boccassi <luca.boccassi@xxxxxxxxx>
- Date: Fri, 21 Mar 2025 11:06:29 +0000
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx, Mate Kukri <mate.kukri@xxxxxxxxxxxxx>, Ilias Apalodimas <ilias.apalodimas@xxxxxxxxxx>, Heinrich Schuchardt <xypron.glpk@xxxxxx>, Ard Biesheuvel <ardb@xxxxxxxxxx>
- In-reply-to: <cbc55556-88be-4c33-9da3-3fc17baf57ce@amazon.com>
- References: <CAAfJHtqY0vCy9ORH4fsW_b1H7Z2vtw0Wh9KXO61LtSxJ8td7PA@mail.gmail.com> <CAMw=ZnRpWRhrwuzhNM5qgqALaHr1PqebZL_7_FvmPCZpj29Ngw@mail.gmail.com> <02842bd0-cfb3-4fd0-902b-63ddc27cdf76@amazon.com> <CAMw=ZnQNSX-aGvrnv7HGna9WRdJg5xdmEcpyOU99=C1VFev46w@mail.gmail.com> <2d7ccc4e-5ecd-4061-ae4b-52a9905d23ac@amazon.com> <CAMw=ZnSXzsoxGvAr6uWoXHgZvXBFa3NA0iUH1=u8A44SkwfK5A@mail.gmail.com> <cbc55556-88be-4c33-9da3-3fc17baf57ce@amazon.com>
- Follow-Ups:
- Re: shim 16 breaking systemd stub and next steps
- From: Lennart Poettering
- Re: shim 16 breaking systemd stub and next steps
- References:
- shim 16 breaking systemd stub and next steps
- From: Mate Kukri
- Re: shim 16 breaking systemd stub and next steps
- From: Luca Boccassi
- Re: shim 16 breaking systemd stub and next steps
- From: Alexander Graf
- Re: shim 16 breaking systemd stub and next steps
- From: Luca Boccassi
- Re: shim 16 breaking systemd stub and next steps
- From: Alexander Graf
- Re: shim 16 breaking systemd stub and next steps
- From: Luca Boccassi
- Re: shim 16 breaking systemd stub and next steps
- From: Alexander Graf
- shim 16 breaking systemd stub and next steps
- Prev by Date: Re: shim 16 breaking systemd stub and next steps
- Next by Date: Re: shim 16 breaking systemd stub and next steps
- Previous by thread: Re: shim 16 breaking systemd stub and next steps
- Next by thread: Re: shim 16 breaking systemd stub and next steps
- Index(es):
 |