Hi, > We're trusting a lot more than two fs drivers... > > %global grub_modules " all_video boot blscfg btrfs \\\ > cat configfile cryptodisk \\\ > echo ext2 f2fs fat font \\\ > gcry_rijndael gcry_rsa gcry_serpent \\\ > gcry_sha256 gcry_twofish gcry_whirlpool \\\ > gfxmenu gfxterm gzio \\\ > halt hfsplus http increment iso9660 \\\ > jpeg loadenv loopback linux lvm luks \\\ > luks2 \\\ > memdisk \\\ > mdraid09 mdraid1x minicmd net \\\ > normal part_apple part_msdos part_gpt \\\ > password_pbkdf2 pgp png reboot regexp \\\ > search search_fs_uuid search_fs_file \\\ > search_label serial sleep \\\ > squash4 \\\ > syslinuxcfg \\\ > test tftp version video xfs zstd " > > These are all in the signed grubx64.efi binary.
There are two classes of grub modules though. Only the ones declared "trusted" are loaded in case secure boot is turned on. > GRUB is enabling Fedora to support a wide assortment of architectures, > some of which do not use UEFI. Therefore sd-boot isn't a drop in > replacement, and therefore it would be an additional boot loader, and > partitioning layout. There is no need for a different partitioning layout (except when it comes to supporting existing installs). Using vfat /boot everywhere is an option, and it would cut down the number of grub modules needed alot. > There's a lot of implied work to do and not a lot of people ready, > willing, and able to do that work. Indeed. And grub tying to support every filesystem under the sun is IMHO part of the problem. > > in particular quite complex ones that are eyed with quite some > > animosity from kernel upstream. > > I have no idea what this is a reference to or how it could be > relevant. kernel filesystem people do not like grub having its own filesystem implementations, especially when it comes to broken write access (bypassing the journal etc). take care, Gerd -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
