I'll go ahead and add my two cents. Although I haven't
successfully programmed an actual bootloader, I do some have
experience making EFI programs.

  The UEFI specification details a "System Table"
(https://uefi.org/specs/UEFI/2.10/04_EFI_System_Table.html), from
which the program may access system services, if the system doesn't
have the proper drivers. Likewise, since Linux has various drivers
for almost every hardware device, the kernel itself will enumerate
hardware devices through ACPI, or a devtree interface/blob, the
latter being grabbed by the bootloader:
https://lwn.net/Articles/367752/.

  Hard drives generally follow a single standard, and are easy to
account for as hardware, given you have the drivers for their given
controller. NVMe drives are basically an SSD *and* controller in
one, since they are directly plugged into the PCIe bus. Basically,
the bootloader simply has to load the kernel image into memory, and
importantly, verify the image, and then pass a couple of parameters
to the kernel, before issuing a jump instruction to it.

  All that the bootloader is concerned with, is loading, and
verifying that the image is valid. A perfect bootloader wouldn't
even touch a filesystem at all, and instead, directly pull the
kernel image from the hard drive via an offset+size baked directly
into the bootloader's binary. However, kernel configurations must
be done via the bootloader, due to how the kernel is written (as
far as I know), which must also be configured via a file, so we
don't live in this theoretical perfect world.

  Kernel verification would preferably be done via a TPM module. I
don't know how this works, so I cannot really detail this process.
If you want to figure out how TPM *may* work, and have the time to
do so, there are TPM specification documents here:

https://trustedcomputinggroup.org/resource/tpm-library-specification/

  I do believe it is more trivial then most people think, to make a
unified bootloader that works across different architectures and
hardware models, in particular, for those with the necessary
expertise and knowledge to do so. If it turns out that they cannot
do so because of undocumented hardware, that would be a separate
problem entirely (although all too familiar in the world of Linux).

  Fortunately, various vendors have put an effort to open source
their hardware interfaces, so undocumented hardware isn't as much
of a problem nowadays as it was in the past. This is part of the
reason why Linux is so good now, when compared with its past.

  Building on top of GRUB isn't the best solution in my opinion,
although it is *way* better than doing nothing. I know that many
cloud companies and individuals alike, want to ensure the safety of
their data, which is a respectable goal.


Sent with Proton Mail secure email.

On Tuesday, June 23rd, 2026 at 06:22, Neal Gompa <[email protected]> wrote:

> On Tue, Jun 23, 2026 at 6:07 AM Gerd Hoffmann <[email protected]> wrote:
> >
> >  Hi,
> >
> > > From the Fedora Cloud point of view, I am generally supportive of
> > > this. I would like to see other common filesystem modules re-added
> > > though (particularly btrfs, but it also probably makes sense to re-add
> > > xfs and ext4). I have had a todo item for a while now to discuss
> > > extending grub to s390x like the SUSE folks do for similar reasons.
> >
> > I'd rather see the fat driver removed and grub using
> > EFI_SIMPLE_FILESYSTEM_PROTOCOL instead.
> >
> > > Having a unified chain across all architectures that gives us a
> > > consistent set of features allows us to have focused integration
> > > points in userspace and develop failure mode handling that works
> > > regardless of the platform.
> >
> > That is IMHO an illusion.  The boot loader can't hide the platform
> > differences.
> >
> 
> I didn't say anything about illusions. The point of GRUB is to provide
> a common layer regardless of the underlying platform.
> 
> I still get a consistent feature set, I get a stable configuration
> target, and a universal way to detect platform differences and adapt
> to them.
> 
> > Look, grub started as boot loader for x86 bios systems.  That is
> > firmware with a very limited feature set.  So grub brings its own
> > drivers for pretty much everything.  And that history is still very
> > present today in the grub code base.
> >
> 
> I know how these things started, I started with Linux using LOADLIN
> and later LILO and finally GRUB today. I'm not unfamiliar with how all
> this works. :)
> 
> > UEFI arrived, with alot more features.  grub continues to use its
> > own drivers, causing conflicts at times because both the grub driver
> > and the efi driver are active at the same time.  Also grub completely
> > ignores features provided by the firmware.  For starters the grubenv
> > file with all its problems such as grub needing write access to the
> > filesystem for updates IMHO doesn't make much sense on UEFI systems
> > because grub could store that data in EFI variables instead.
> >
> 
> EFI variables are horribly broken in practice. I don't know if you
> happen to have perfect computers, but like half of my real-world test
> machines and two of my daily driver computers have either
> failed-with-success, non-writable, or otherwise non-functional EFI
> variables. And with fake/emulated EFI systems like U-Boot and whatnot,
> these things work even less well.
> 
> As a general rule, I want to minimize the reliance on the firmware
> layer and jump into stuff we have as quickly as possible.
> 
> > > And being able to leverage filesystem features to provide defense
> > > in-depth around data integrity is something David and I have been
> > > exploring and engaging with upstreams on as well.
> >
> > Why "filesystem features" and "data integrity" is something boot
> > loaders should have to care about?
> >
> 
> Well, at least from GRUB's point of view, currently they don't, but in
> the future, it could. For example, if fsverity is "broken" on a file,
> then GRUB could refuse to read the file. This can even extend further
> with UKIs to halt the boot process.
> 
> There are lots of opportunities to be smart early and do it in a way
> that provides a consistent experience.
> 
> 
> --
> 真実はいつも一つ!/ Always, there's only one truth!
> --
-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to