[systemd-devel] [systemd-commits] 3 commits - .gitignore Makefile.am src/bootchart src/core src/efi-boot-generator src/shared

Frederic Crozat fcrozat at suse.com
Mon Jan 21 04:21:31 PST 2013


Le lundi 21 janvier 2013 à 13:09 +0100, Kay Sievers a écrit :
> On Mon, Jan 21, 2013 at 1:05 PM, Frederic Crozat <fcrozat at suse.com> wrote:
> > Le lundi 21 janvier 2013 à 12:03 +0100, Kay Sievers a écrit :
> 
> >> It's the simplest and most efficient setup a system can have.
> >
> > But this setup is not shim loader/"Secure Boot" compatible.
> 
> Sure it is. Why not? It has nothing to do which filesystem /boot uses.

the generator isn't a problem, I was commenting on the "simplest" part.
You still need a shim loader there, since an EFI-stubed kernel can't be
signed by UEFI Signing Service (I'm not discussing signing a kernel
yourself or injecting its key into EFI firmware).

> > And it will
> > force most (if not all) distributions to probably "patch" (or disable)
> > this generator so it behave as it is expected by them (ie /boot/efi).
> 
> If you would have read the code or the commit or the wiki page, you
> would have noticed that the generator never gets active in any other
> setup.

I read the code before commenting, and I noticed it won't quick in as
long as /boot is not empty nor mounted in fstab. But you are still
"deviating" from the common practice among distributions and to be
useful and work "as expected" on such distributions, this generator
should use /boot/efi instead. Obviously, you already made you mind, so I
guess it is useless to argue anymore but I doubt it will be of great
usage on most distributions.

-- 
Frederic Crozat <fcrozat at suse.com>
SUSE



More information about the systemd-devel mailing list