On Tue, 2025-10-14 at 11:54 -0400, Chris Murphy wrote: > Apple and Microsoft have implemented all of what you say is unrealistic, > except verity, into their bootloaders. Literally how all of iOS boots, not > even the bootloader is exposed on a simple system. And on desktop and server > Windows, only the bootloader is exposed as plaintext, everything else is on > Bitlocker encrypted NTFS. > > Are you saying only AOSP is using a modern boot chain? Is anyone else using > verity?
When you are supporting a single file system and a single TPM configuration, etc... it is much simpler to stack more stuff in the bootloader. But this is not the situation we have on Linux where we have a dozen different filesystems and multiple different encryption and authentication schemes, you are comparing apples and oranges here. > You want Fedora to mimic mobile device booting? That's a pretty significant > change. What's wrong to mimic things that work well ? Fedora should be about progress and "first" and looking at what works well and do it. Simo. -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
