Ben Cotton <bcot...@redhat.com> writes: > By design, ostree does not manage bootloader updates as they can not > (yet) happen in a transactional, atomic and safe fashion.
As we've talked about before, it's not possible to make updates transactional. It involves, per spec and depending on processor architecture, updating multiple files in different directories, potentially on different filesystems entirely, one of which is fat32. > * User will be able to easily update the bootloader on their system. > This will let them apply Secure Boot dbx updates that block old > bootloaders with known vulnerabilities from loading. See: > ** https://github.com/fedora-silverblue/issue-tracker/issues/355 > ** https://bugzilla.redhat.com/show_bug.cgi?id=2127995 What's the plan to apply the outstanding security updates (shim, grub2, and dbx push from June) to fedora silverblue 36 + 37 that aren't covered by this change? Be well, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
