On 18.11.21 at 15:21, Julian Andres Klode wrote:
we have recently discussed the matter of systemd-boot in
an upstream shim review gathering.

Is this discussion public? Can you share it?


* systemd-boot does not use current ways of communicating with
   shim

* There was some concern over general quality

Has this been passed along to the systemd maintainers?
If so, what's their take on this? If not, could you forward your findings/concerns to upstream, please?


* systemd-boot is an additional bootloader, rather than replacing
   an existing one, thus increasing the attack surface.

   If people want to experiment with other bootloaders than the
   default one, they can disable secure boot, or load their own
   keys into the machine. We do not consider it valid to have
   a choice of bootloaders.

I guess with this argument, there can never be another bootloader aside from grub2? Actually, my impression is that by being vastly more minimalistic than grub2, systemd-shim would have a smaller attack surface.

Anyway, I don't really have any skin in this game, but I guess with the response from Julian this MR is dead in the water. It would be pretty pointless to prepare everything for systemd-shim to be signed when in the end it will never happen.

Regards,
Michael

