[systemd-devel] [systemd-commits] 3 commits - .gitignore Makefile.am src/bootchart src/core src/efi-boot-generator src/shared

Lennart Poettering lennart at poettering.net
Mon Jan 21 05:04:06 PST 2013 

On Mon, 21.01.13 13:05, Frederic Crozat (fcrozat at suse.com) wrote:

> But this setup is not shim loader/"Secure Boot" compatible. And it will
> force most (if not all) distributions to probably "patch" (or disable)
> this generator so it behave as it is expected by them (ie /boot/efi).

Uhmm, to make this very clear, there is really no need to "patch"
anything. Let me explain:

There are basically three kinds of setups:

      A) folks who have /boot a separate partition from the root fs and ESP
      even seperate from that.

      B) folks who have /boot on the root fs, and ESP separate

      C) folks who have /boot as the ESP, and a separate root fs.

The new generator will only cover C). On setups A) and B) it has no
effect. How that? Firstly, the units it generates are overriden by any
fstab settings. On A) the ESP and /boot have to be listed in fstab, and
hence override anything the generator could do. Secondly, the generator
will exit without doing anything if /boot is not an empty directory,
which neatly avoids systems of type B).

In addition to that, the generator won't do anything on boot loaders
which do not implement this:

http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface

As it turns out, currently only Gummiboot does, but we hope others will
too. Grub2 doesn't, so this stuff has no effect on any main-stream
distro.

How does this all interact with Secure Boot? To put it simply: Not at
all. It's entirely orthogonal to Secure Boot, has nothing to do with
it. The EFI firmware could not care less whether you mount your ESP on
Linux in /boot or in /boot/efi. 

In the long run I really hope that the distros can agree on:

a) that in a world of ESP there is no need for any other boot
   partition, so in order to keep it simple, just mount the ESP to /boot
   and be done with it.

   This also relieves a boot loader from implementing any fancier file
   systems, as the BIOS can just load the kernel/initrd. No need to
   patch btrfs into the bootloader, or MD or LVM, or whatnot.

b) that its time for distros to stop overriding each other's boot
   loaders on multi-boot, and then attempting to magically find other
   distros and maybe add them to their boot loader but at the same time
   depriving the other distros from every updating it again. People
   should just cooperate in the ESP, and everybody can be happy.

c) That grub2 on EFI should just be left for poor souls who think that a
   boot laoder with a graphical splash makes sense. As it appears the
   fans of grub2 are probably in the single digits. Binary single digits
   that is.

Now, in systemd we try to support this goal out-of-the-box with this
generator. However, we are aware that this goal isn't reached yet, and
hence the generator is a complete NOP on all current systems which do
not follow with this design, and you don't need to be "patch" anything
out or anything. We very carefully made sure this does not affect
anybody, because we though a lot about it, before doing this.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.

More information about the systemd-devel mailing list