On Do, 09.10.25 01:51, Neal Gompa ([email protected]) wrote: > > On Thu, Oct 9, 2025, at 12:43 AM, Lennart Poettering wrote: > > > On Mo, 22.09.25 07:54, Simon de Vlieger ([email protected]) wrote: > > > > >> Note that Neal also has ideas to move XBOOTLDR into a btrfs subvolume > > >> which for > > >> many of the default editions and spins would remove the problem entirely. > > > > > > That is against the XBOOTLDR spec, which says it should be a file > > > system readable by firmware, i.e. VFAT. > > > > XBOOTLDR is being formatted either ext4 or XFS for a while now in Fedora. > > > > UEFI spec supports file system drivers. The BL spec doesn't say the file > > system support should be built-in to the firmware. > > > > And we've had Btrfs and EXT4 filesystem drivers packaged in Fedora for a > little while now. So as long as that's on the FAT32 ESP, we're good to > go for anything that doesn't have its own filesystem code.
Wow, so you have a crap driver running with extreme privileges (UEFI) that is barely maintained that accesses a block device with zero cryptographic authentication. And for what exactly? Did you manage to avoid VFAT that way? No! You didn't, the ESP has to be VFAT, and it needs to be updated regularly, because that's where the boot loader is invoked from and where your crap driver is sitting after all. You solved zero problems, and created a new one. Yay! I mean, sorry, but this is such a poor poor choice. Why? I can see zero benefit of doing things like that. I can only see reasons *not* to do this: 1. relies on undermaintained fs driver, that noone else relies on, puts major maintenance burden on fedora 2. massively complex file system on block device that is not authenticated, and thus a major *new* and unnecessary attack surface 3. is pretty clearly against the xbootldr spec, which suggests vfat clearly. 4. creates a compat issue, beacuse only fedora's own boot paths can consume this. 5. goes against kernel fs developer wishes which are generally strongly opposed to having alternative fs implementations around for linux-owned fses. And so on. And my guess is that this stuff is not even writable from boot mode, is it? so not boot counting, no random seed mgmt, and so on. Lennart -- Lennart Poettering, Berlin -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
