On Wed, Dec 17, 2025 at 3:08 PM Lennart Poettering <[email protected]> wrote: > > On Mi, 17.12.25 09:54, Neal Gompa ([email protected]) wrote: > > > On Wed, Dec 17, 2025 at 9:44 AM Simo Sorce <[email protected]> wrote: > > > > > > On Wed, 2025-12-17 at 05:03 -0500, Neal Gompa wrote: > > > > Sure, but we explicitly *do not want* to do that. So, keeping the DTBs > > > > merged into vmlinux makes sense. > > > > > > Sorry but who is "we" ? > > > > > > Because I am pretty sure any security minded person really is for > > > moving to use just vfat for boot and not deal with developing and > > > maintaining out of tree filesystem drivers. > > > > Don't paint it with that broad of a brush. I'm certainly security > > minded and *I* don't want that. > > At this point, frankly, I hear more key people from all sides arguing > *for* vfat than against. I mean, it does appear as if the only really > loud voice in all this who defends booting from complex fs all the > time is a certain Neal Gompa. >
Maybe that's true in this thread, but I'm far from the only person, and other people have spoken up in previous threads[1]. You shouted me down there too, but I wasn't the only person opposing it. There's no reason that everyone needs to speak up again and again, especially when the last time was not that long ago. [1]: https://lists.fedoraproject.org/archives/list/[email protected]/thread/AUPPRDOIEH6QJWMHLFPE5RWQ6EEG2AFN/ > > There are trade-offs with putting > > stuff on vfat, particularly around file size, partition size, > > compatibility issues with various EFI implementations, and so on. > > not sure where even to start. > I have been dealing with all kinds of quirky EFI implementations that Fedora is expected to work on for quite some time. Heck, this Change is literally about one such case. There are lots of bad and broken UEFI implementations in physical computers, virtual machines, the cloud, everywhere. As part of doing work upstream for kiwi, I've hit tons of edge cases that are not fun (like some EFI implementations not handling a FAT32 ESP, or others ignoring ESPs that are in the wrong place or too large, and so on). You say we should simplify our stack, but that cuts both ways: relying more on the UEFI subjects us further to the breakage of the firmware. I would prefer we isolate ourselves as much as possible from the firmware because then we have less issues we cannot control. I would prefer we keep as little as possible on the ESP and jump out to OS-controlled space as soon as possible, just as Windows and macOS both do. It's the right solution when dealing with such a crazy variety of environments. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
