Hi Vladimir! On 8/19/22 21:45, Vladimir 'phcoder' Serbinenko wrote:
This kind of consideration was taken into account when designing security system and even when GRUB2 itself was designed. The solution is modules whitelist. There are many modules that can be dropped from signed build not just filesystems but also commands or loaders. There is no need to cut old systems from new grub if existing infrastructure can handle it.
Thank you! I don't understand why maintainers concerned with security can't just do that. Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer `. `' Physicist `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
