On Thu, Mar 18, 2021 at 07:30:26PM +0800, Michael Chang via Grub-devel wrote: > Given no core functions on i386-pc would require verifiers to work and > the only consumer of the verifier API is the pgp module, it looks good > to me that we can move the verifiers out of the kernel image and let > moddep.lst to auto-load it when pgp is loaded on i386-pc platform. > > This helps to reduce the size of core image and thus can relax the > tension of exploding on some i386-pc system with very short MBR gap > size. See also a very comprehensive summary from Colin [1] about the > details. > > [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00240.html > > V2: > Drop COND_NOT_i386_pc and use !COND_i386_pc. > Add comment in kern/verifiers.c to help understanding what's going on > without digging into the commit history. > > Reported-by: Colin Watson <cjwat...@debian.org> > Reviewed-by: Colin Watson <cjwat...@debian.org> > Signed-off-by: Michael Chang <mch...@suse.com>
NAK for this patch and others "fixing" small MBR gaps. I am not going to deal with this kind of issues any longer because a few folks in the world cannot/do not want/... reinstall their systems. Sorry guys. Additionally, the commit 5fd18f77e (mbr: Warn if MBR gap is small and user uses advanced modules) and 505d92f5e (mbr: Document new limitations on MBR gap support) are pretty clear we do not support advanced configs with small MBR gaps any longer. Daniel PS FYI, I am not sure anybody cares but I think patch is not fully correct because lockdown part of kernel calls into verifiers module on i386-pc. _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
