On Do, 28.07.22 16:54, Petr Pisar (ppi...@redhat.com) wrote: > > This sounds pretty awesome, actually. I'd like to see that get > > implemented... > > > Unfortunatelly (complex) file system drivers are not written with safety > on mind. They rather prefer performance over security. If somebody signed a > UEFI driver for ext4, there would be a storm of CVEs "Secure boot bypass with > a contrived file system".
efifs just added uefi glue on top of grub's fs drivers. Thus, if grub is fine to sign, then efifs is much much less risk, given it's a fraction of the grub codebase, but actually mostly code from the grub codebase. But anyway, I am actually advocating for sticking to VFAT everywhere. ext4 drivers in the boot loader only are necessary for the upgrade path. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
