On Wed, Jul 27, 2022 at 2:05 PM Lennart Poettering <mzerq...@0pointer.de> wrote: > > On Mi, 27.07.22 16:50, Chris Murphy (li...@colorremedies.com) wrote: > > > > I prefer no shim in my computers. I'm using systemd-boot signed by my > > > own CA. > > > > That is not a generic solution we can ship in Fedora. Since each > > distro ships their own shim, they'd each have to ship their own > > signed fsfs in order to read the shared a non-FAT $BOOT. It's too > > high a barrier to adoption. > > Something we could add relatively easily to sd-boot is that it could > look for drivers to load in one of its own PE sections (let's say a > new section ".drivers"). > > Then Fedora could do something like this: > > 1. build ext4 efifs as UEFI PE binary (→ ext2_x64.efi) > 2. build systemd-boot as UEFI PE binary (→ systemd-bootx64.efi) > 3. use "objcopy --add-section .drivers=ext2_x64.efi > systemd-bootx64.efi systemd-bootx64.withext4.efi" to embedd the ext4 > driver inside systemd-boot > 4. sign the resulting systemd-bootx64.withext4.efi via shim/… > 5. profitt! now you have an sd-boot binary that can do ext4. yay. > 6. ask relevant other distros to do the same. They are probably in a > very similar situation as fedora is, given they typically all use > Grub right now. >
This sounds pretty awesome, actually. I'd like to see that get implemented... -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
