[systemd-devel] How to factory reset?

Kay Sievers kay at vrfy.org
Wed Mar 11 10:50:23 PDT 2015


On Wed, Mar 11, 2015 at 6:32 PM, Chris Murphy <lists at colorremedies.com> wrote:
> On Wed, Mar 11, 2015 at 2:22 AM, Tobias Hunger <tobias.hunger at gmail.com> wrote:
>>> If you're concerned about bootloader configuration modification as a
>>> threat vector, then it needs to go on an encrypted volume. This
>>> suggests an initial bootloader configuration that only enables the
>>> user to supply a passphrase/key file to unlock that volume, and then
>>> load a new bootloader configuration file.
>>
>> I am still hoping secure boot and sd-boot will solve this issue
>> mid-term by making sure all the early boot components are signed
>> properly.
>
> The bootloader configuration files aren't signed. Maybe they should be.

With systemd-boot, there will be no config to sign:
  https://harald.hoyer.xyz/2015/02/25/single-uefi-executable-for-kernelinitrdcmdline/

> And maybe done away with in favor of dynamic discovery and "hot" keys
> for indicating common boot options.

The "all included" kernels are found at /boot/EFI/Linux/*.efi

> Any general purpose solution
> should account for degraded bootable raid, which means each ESP needs
> to be identical. Either each ESP bootloader looks to a single location
> on raid for configuration, or uses dynamic discovery, or some system
> of sequentially updating each ESP needs to be devised.

We get that transparently from firmwares with "bios raid" support. We
will not care about any sort of conventional "software raid", because
the firmware itself will not handle it, and it makes not much sense to
use over-complicated options in the later boot steps when it cannot
recover itself anyway.

For a single-system disk, the entire /boot, ESP content should rather be
seen as throw-away content which can be re-constructed from a running
system, from the content in /usr, at any given time. There is no
point in handling raid without native firmware support; manual
intervention is needed anyway on these systems if things go wrong, and
that step can just re-create the ESP content if needed.

Kay
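The message above describes the layout systemd-boot discovers: "all included" kernel images under /boot/EFI/Linux/*.efi, where the command line and os-release live inside the signed PE image instead of a separate, unsigned config file. The following script is an added example, not code from this thread, from systemd or from the linked blog post; it parses the PE/COFF section table and the Authenticode certificate-table entry of each image so an administrator can inventory which images embed a command line and which carry an attached signature (attached, not verified). The directory path is the one named in the message; the section names (.linux, .initrd, .cmdline, .osrel) are those used by the systemd EFI stub; `build_test_image` constructs a synthetic, non-bootable PE so the checks can be exercised offline.

```python
"""Inventory the unified kernel images systemd-boot discovers on the ESP.

Added example (not from the thread or from systemd). Each /boot/EFI/Linux/*.efi is a
PE/COFF binary whose EFI stub carries kernel, initrd, command line and os-release as
PE sections (.linux, .initrd, .cmdline, .osrel); the boot "configuration" is therefore
part of the signed image. This script reports, per image, the embedded sections, the
command line, and whether an Authenticode signature is attached (presence only).
"""
import glob
import struct

ESP_KERNEL_DIR = "/boot/EFI/Linux"            # path named in the thread
REQUIRED = {".linux", ".cmdline", ".osrel"}   # .initrd may legitimately be absent
CERT_TABLE_INDEX = 4                          # IMAGE_DIRECTORY_ENTRY_SECURITY


def _headers(data: bytes):
    """Locate the COFF/optional headers: (coff_off, opt_off, opt_size, nsections)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = pe_off + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    return coff, coff + 20, opt_size, nsec


def pe_sections(data: bytes) -> dict:
    """Map each PE section name to its raw bytes (VirtualSize bytes, padding dropped)."""
    _coff, opt, opt_size, nsec = _headers(data)
    table = opt + opt_size                      # section table follows the optional header
    out = {}
    for i in range(nsec):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        length = min(vsize, rawsize) if vsize else rawsize
        out[name.rstrip(b"\0").decode("ascii", "replace")] = data[rawptr:rawptr + length]
    return out


def has_authenticode(data: bytes) -> bool:
    """True if the certificate-table data directory points at an attached signature."""
    _coff, opt, opt_size, _n = _headers(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)   # data directories: PE32+ vs PE32
    entry = dirs + 8 * CERT_TABLE_INDEX
    if entry + 8 > opt + opt_size:
        return False
    off, size = struct.unpack_from("<II", data, entry)
    return off != 0 and size != 0


def inspect_bytes(data: bytes) -> dict:
    """Summarise one image: sections present, required ones missing, cmdline, signature."""
    secs = pe_sections(data)
    cmd = secs.get(".cmdline")
    return {
        "sections": sorted(secs),
        "missing": sorted(REQUIRED - set(secs)),
        "cmdline": cmd.rstrip(b"\0").decode("utf-8", "replace").strip() if cmd is not None else None,
        "signed": has_authenticode(data),
    }


def inspect_esp(root: str = ESP_KERNEL_DIR) -> dict:
    """Run inspect_bytes over every *.efi below root, keyed by path."""
    return {p: inspect_bytes(open(p, "rb").read()) for p in sorted(glob.glob(root + "/*.efi"))}


def build_test_image(sections: dict, signed: bool) -> bytes:
    """Constructed minimal PE32+ carrying the given sections; offline testing only, not bootable."""
    align, opt_size, n = 512, 240, len(sections)
    raw = -(-(0x40 + 4 + 20 + opt_size + 40 * n) // align) * align
    hdrs, body, ptr = b"", b"", raw
    for i, (name, payload) in enumerate(sections.items()):
        size = -(-len(payload) // align) * align
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), len(payload), 0x1000 * (i + 1),
                            size, ptr, 0, 0, 0, 0, 0x40000040)
        body += payload.ljust(size, b"\0")
        ptr += size
    dirs = [(0, 0)] * 16
    dirs[CERT_TABLE_INDEX] = (ptr, 8) if signed else (0, 0)
    opt = struct.pack("<H", 0x20B).ljust(108, b"\0") + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, n, 0, 0, 0, opt_size, 0x22)
    img = (dos + b"PE\0\0" + coff + opt + hdrs).ljust(raw, b"\0") + body
    return img + b"\0" * 8 if signed else img    # 8 zero bytes stand in for a WIN_CERTIFICATE


if __name__ == "__main__":
    for path, info in inspect_esp().items():
        print(path, info)
```

Run as root on a system using systemd-boot to list each image's sections, embedded command line and signature status; an image that reports a missing `.cmdline` is one whose boot options still come from somewhere the firmware's signature check does not cover.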

