On 2017-07-21 14:34, Andreas Reichel wrote: > On Fri, Jul 21, 2017 at 02:23:13PM +0200, Jan Kiszka wrote: >> On 2017-07-21 14:00, Andreas Reichel wrote: >>> On Thu, Jul 20, 2017 at 08:05:31PM +0200, Jan Kiszka wrote: >>>> On 2017-07-12 14:38, [ext] Reichel Andreas wrote: >> >> OK, I see. >> >> That makes me wonder about the following error scenario: After running >> fine, maybe rebooting a couple of times, the latest partition suddenly >> becomes corrupt. Can/should the previous version then act as backup? Can >> we detect this case of "late downgrade"? Should we, after successfully >> updating and booting a new version also update the second partition to >> the same content, just leaving its partition revision old? I'm concern >> of a silent fall-back to an old, potentially vulnerable version of the >> system otherwise. >> > This is a really good point! I suggest to modify the confirm feature to > also create a backup copy of the new working environment to the (latest-1) > environment. I will add this to the TODO.md as first item. This is then > also in agreement with the initial setup of two identical (except > revision) environment data sets.
Sounds good. > >> >> The idea is to make this section for the common case as simple as >> possible - if that is possible, of course. >> > Sure. However this was the first point I fell over and I have the > feeling that this is important for users. Just to be user-friendly. > That's why I wrote (>if needed<) so the user can easily skip this > section :) Ack. Jan -- Siemens AG, Corporate Technology, CT RDA ITP SES-DE Corporate Competence Center Embedded Linux -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/03706db8-c111-2471-5f9a-8982c964ea4f%40siemens.com. For more options, visit https://groups.google.com/d/optout.
