[systemd-devel] Splitting sd-boot from systemd/bootctl for enabling sd-boot in Fedora

Andrei Borzenkov arvidjaar at gmail.com
Sat Apr 30 05:08:12 UTC 2022


On 28.04.2022 10:54, Lennart Poettering wrote:
> 
>> * systemd-boot is an additional bootloader, rather than replacing
>>   an existing one, thus increasing the attack surface.
> 
> Hmm, what? "additional bootloader"? Are they suggesting you use grub
> to start sd-boot? I mean, you certainly could do that, but the only
> people I know who do that do that to patch around the gatekeeping that
> the shim people are doing. Technically the boot chain should either be
> [firmware → sd-boot → kernel] or [firmware → shim → sd-boot → kernel]
> (if you buy into the shim thing), and nothing else.
> 

I guess "additional bootloader" in this context means that a distribution
cannot use sd-boot as the only bootloader for an obvious reason - it is EFI
only. So a distribution would need to keep the currently used bootloader
anyway. If the current bootloader already works on the platforms supported by
the distribution, what is gained by adding yet another one?

