On Do, 09.10.25 01:24, Chris Murphy ([email protected]) wrote: > >> Note that Neal also has ideas to move XBOOTLDR into a btrfs subvolume > >> which for > >> many of the default editions and spins would remove the problem entirely. > > > > That is against the XBOOTLDR spec, which says it should be a file > > system readable by firmware, i.e. VFAT. > > XBOOTLDR is being formatted either ext4 or XFS for a while now in > Fedora.
Oh man. You know, i wrote the spec for this. And the spec is quite clear how it is intended to be used I'd claim. It's so painful how Fedora regularly takes these specs and turns them into something they are clearly not supposed to be. If they intend to bend the specs into something so different, why do they bother to reuse the same partition type UUIDs even? Anyone can generate their own partition type UUID, and if they want different semantics they can just do that, write their own fedora specific spec, but why squat the xbootldr one and then organize it differently? I consider this a pretty hostile act to be frank. either support the spec or don't, but squatting xbootldr partitiont type uuids with different semantics than the spec suggests is pretty bad. This happened before with boot loader spec type 1 entries, where they added variable expansion to something that was expressly supposed to be trivial to parse. > UEFI spec supports file system drivers. The BL spec doesn't say the > file system support should be built-in to the firmware. Umpf. I really don't grok this. Using something that is not VFAT for this is *so* pointless. You cannot avoid VFAT, because the ESP has to be VFAT. By using something else for XBOOTLDR you are not just breaking compat pointlessly, you are duplicating the number of file systems you need to support, and you extend the attack surface for the OS a lot (because XBOOTLDR cannot sensibly protected against offline modifications). For a properly secured system you need to be frugal with the choice of data structures you read of disks that you cannot authenticate cryptographically. And ext4 and xfs are ridiculously complex file systems, these are the worst choices possible. This is a really non-sensical choice. I am not sure how else to say this, but this is just so sad. Lennart -- Lennart Poettering, Berlin -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
