>2009/8/27 Martin Langhoff <mar...@laptop.org>:
>>> 4. sig02 leases are still unsupported in the latest OpenFirmware, but
>>> it looks like we have renewed interest in getting this finished off,
>>> so no initramfs changes will be needed in this area.
>>
>> Here Daniel skips the fact that there is a homely but IMO valid patch
>> that -- when OFW tells us <activate> -- rechecks the filesystem for a
>> valid lease before trying to activate.
>>
>> This is a good thing if we assume that the initramfs can evolve faster
>> than OFW, and the case "OFW doesn't recognise this sig format but
>> Initramfs does" is a valid one.
>
>Except, unless I missed something in the last discussion, we don't
>fully understand why the system was ever designed like this. So I'm
>making the assumption that there is something important that we aren't
>understanding.

Here is my recollection of the design thinking at the time:

OFW knows how to examine activation leases as a common-case optimization
in order to try to make booting faster. When OFW doesn't understand or
can't find a lease, it should hand the lease to the (authenticated)
initramfs, which is the last authority on whether or not to hand control
to userland.

We picked the initramfs as the site of this authority for three reasons:

1. because people who can update OFW are scarcer and more frequently
   on other critical paths than people who can update an initramfs

2. because we have a working limited rollback feature for the
   kernel+initramfs already implemented in the firmware

3. because it seemed easier to Scott at the time to deal with
   communications with the environment from Linux than from OFW

Regards, and keep up the good work,

Michael

P.S. - I will try to make time to assist you with a more serious review
per your earlier request.