On 12/20/22 16:34, Simo Sorce wrote:
> On Tue, 2022-12-20 at 14:56 -0500, Demi Marie Obenour wrote:
>> How do you plan to handle system recovery?  For VMs this is much
>> less of a concern, but on bare metal there needs to be a way for
>> a local, authenticated administrator to obtain a root shell on
>> the system console even if the root filesystem cannot be mounted.
>> This has saved my system more than once.
>>
>> Also, how will Xen be supported in this model?  Will the hypervisor
>> be part of an alternate UKI?  CCing Marek Marczykowski-Górecki of
>> Qubes OS.
> 
> It is all answered in the large amount of text you quoted, if you read
> it carefully.
> The old kernel+initrd does not go away, so you disable secure boot and
> just use the good old methods, or worst case you use a recovery disk
> (or USB drive, or whatever you use to install) if you damaged the boot
> partition.
> 
> Anything that is not explicitly supported likewise will use the old
> kernel + custom initrd, you just disable secure boot.

If rescuing a system means disabling secure boot, then there is no point
in having secure boot in the first place, because malware can reliably
cause the user to disable it.  There needs to be a way to rescue the
system *without* disabling secure boot, at least as long as the UKI can
itself be loaded.  Furthermore, this must not require the user to enter
secrets until they have (via TPM PCR-based attestation) verified that
the system is booting trusted code.  This means that the initramfs must
be able to authenticate the user.  And having Xen be incompatible with
secure boot is not something Xen users are going to be happy with,
especially because Xen fully supports UKIs that include the hypervisor.

Having this be out of scope for phase 1 is fine, but it should be
supported eventually.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
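The ordering argued for above (verify the boot measurements first, only then ask the rescue user for a secret) can be made concrete. The following is an added illustration, not code from the thread, Fedora or any UKI project: it models the TPM PCR extend operation in software, replays a constructed measured-boot event log to get the expected PCR values, and gates the passphrase prompt on those values matching. The event log contents, the PCR indices used, the rescue credential and the `open_rescue_shell` helper are all constructed assumptions; in a real deployment the policy check is enforced by the TPM sealing the credential to the PCRs rather than by an in-initramfs comparison, which this simplified model stands in for.

```python
import hashlib
import hmac
from typing import Callable, Dict, Iterable, List, Tuple

PCR_SIZE = 32  # one SHA-256 PCR bank


def pcr_extend(current: bytes, data: bytes) -> bytes:
    """Software model of a TPM PCR extend: new = SHA256(old || SHA256(data)).

    The TPM only ever receives digests, so the measured data is hashed first.
    """
    return hashlib.sha256(current + hashlib.sha256(data).digest()).digest()


def replay_event_log(events: Iterable[Tuple[int, bytes]]) -> Dict[int, bytes]:
    """Recompute final PCR values from an ordered (pcr_index, data) event log.

    This is the same replay a verifier performs to check a boot log against
    the PCR values a TPM reports; every PCR starts as all zeroes.
    """
    pcrs: Dict[int, bytes] = {}
    for index, data in events:
        pcrs[index] = pcr_extend(pcrs.get(index, bytes(PCR_SIZE)), data)
    return pcrs


def pcrs_match_policy(observed: Dict[int, bytes], expected: Dict[int, bytes]) -> bool:
    """Every PCR named in the policy must match; unlisted PCRs are not consulted."""
    return all(
        hmac.compare_digest(observed.get(index, b""), value)
        for index, value in expected.items()
    )


# Constructed measured-boot log for the trusted UKI (made-up measurements,
# not values from any real firmware or image).
TRUSTED_LOG: List[Tuple[int, bytes]] = [
    (7, b"constructed: Secure Boot state and db certificate"),
    (4, b"constructed: UKI with hypervisor, kernel and initramfs"),
]
EXPECTED_PCRS = replay_event_log(TRUSTED_LOG)

# Constructed rescue-user credential: a salted PBKDF2 hash, never the plain secret.
RESCUE_SALT = b"constructed-salt"
RESCUE_ITERATIONS = 100_000
RESCUE_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", RESCUE_SALT, RESCUE_ITERATIONS)


def verify_passphrase(passphrase: str) -> bool:
    """Constant-time comparison of the PBKDF2-derived candidate against the stored hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), RESCUE_SALT, RESCUE_ITERATIONS)
    return hmac.compare_digest(candidate, RESCUE_HASH)


def open_rescue_shell(boot_log: List[Tuple[int, bytes]], prompt: Callable[[], str]) -> Tuple[bool, bool]:
    """Return (prompted, unlocked) for a rescue attempt on a system with this boot log.

    The passphrase prompt runs only after the replayed PCRs match the trusted
    policy, so a boot of tampered code never gets to see the user's secret.
    """
    if not pcrs_match_policy(replay_event_log(boot_log), EXPECTED_PCRS):
        return False, False
    return True, verify_passphrase(prompt())


if __name__ == "__main__":
    tampered_log = [TRUSTED_LOG[0], (4, b"constructed: modified UKI")]
    print("trusted boot:", open_rescue_shell(TRUSTED_LOG, lambda: "correct horse"))
    print("tampered boot:", open_rescue_shell(tampered_log, lambda: "correct horse"))
```

Run as a script, the trusted log reaches the prompt and unlocks, while the log with a modified PCR 4 measurement is refused before the prompt is ever shown.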
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue