On 6/25/26 8:15 AM, Lennart Poettering wrote:
Given that the UEFI's trust/security architecture during boot focuses on authenticating individual binaries (rather than authenticating file systems as a whole) it is essential that file systems accessed during boot loader runtime are as simple as possible. i.e. FAT is simply the best option, because comparatively simple.
It's funny how CSsushiMan and Lennart, with their nearly entirely opposite backgrounds, essentially have the same intuition that early boot stages need to have a clean, green field of a simple kernel/initrd layout. I actually agree; the combinatorial explosion of possibilities with all the filesystems, MD/DM layers, encryption, RAID, etc, etc, is just too hard to manage.
My reservation used to be the unencrypted boot artifacts allowed tampering and subversion of the boot process---but of course now the secure boot can use TPM verification chain to protect them.
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
