On Mon, Oct 13, 2025, at 10:24 AM, Lennart Poettering wrote:
> Moreover the last time I looked it writes boot counter updates and > such directly to disk, bypassing the file system log. That's really > evil, and certainly doesn't help integrity guarantees. GRUB only writes to grubenv, and without a file system driver, because they're all read-only. The writes to grubenv aren't allowed by GRUB btrfs and zfs modules (probably also luks, lvm, and md). There is a patch to use the Btrfs bootloader pad for grubenv, it's only 1 KiB. And then GRUB and read and write to it there. Modification of grubenv to indicate boot success is done by grub-boot-success.timer/service and it's logged. > (And as mentioned elsewhere, you cannot avoid VFAT because mandated by > UEFI for ESP, and the data there has similar update/write cycles as > /boot, so nothing is gained by a different fs) ESP is infrequently updated compared to XBOOTLDR. It's not correct nothing is gained by a different fs. Aside from pooling, (open)SUSE has leveraged Btrfs for bootable snapshots. Can Fedora do this some other way? Yes, it'd be more work, rather than leveraging what Btrfs is designed to do. GRUB follows snapshots just fine, and has for a very long time. -- Chris Murphy -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
