[RFE] Use systemd-boot for EFI booting #867

Open
pothos opened this issue Oct 11, 2022 · 0 comments
Labels
kind/feature A feature request

pothos commented Oct 11, 2022

Current situation

GRUB is on the MBR for BIOS booting and also on the ESP for EFI booting. GRUB has custom logic for A/B GPT attribute handling, the reading of the dm-verity hash from a kernel offset, and the detection of first boot and OEM. Users may also customize the kernel parameters through the grub.cfg file.
For TPM usage, however, GRUB's supported mode is not really useful because it doesn't work with signatures of PCR measurements compared to systemd-boot which has modern TPM functionality.

Impact

TPM usage in its current form would mean re-enrolling on every update, which is fragile combined with rollbacks.

Ideal future situation

For the EFI boot path we use systemd-boot while we keep GRUB on the MBR for BIOS booting.
To be able to ship a single image and be backwards compatible, we would need to support both ways of boot try counting (systemd-boot uses a suffix in the kernel file name). Ideally it would even work to turn EFI boot on and off without requiring manual changes.

Implementation options

We can focus only on new installations and old installations stay with GRUB for EFI.
Fedora has some GRUB code to support boot counting in the filename, maybe we could use this to only have one way of boot counting?
In update-engine both cases need to be covered, either we prepare the system for both boot loaders or we detect which one is used.

Additional information

As of now, GRUB does not support unified kernel images but adding this support to GRUB could help to gain more out of systemd-boot.
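
The file-name boot counting mentioned in the issue, as an added example that is not part of the original issue and is not code from Flatcar, update-engine or systemd. It models the `+LEFT-DONE` suffix that systemd's Automatic Boot Assessment places before the `.conf`/`.efi` extension; the entry names are constructed, and leaving an exhausted entry unrenamed is a modeling choice of this sketch.

```python
import re

# "+LEFT" or "+LEFT-DONE" directly before the extension, e.g. name+3.efi, name+2-1.efi
_COUNTER = re.compile(
    r"^(?P<stem>.+?)\+(?P<left>\d+)(?:-(?P<done>\d+))?(?P<ext>\.(?:conf|efi))$"
)

def parse(name):
    """Return (stem, ext, left, done); left and done are None without a counter."""
    m = _COUNTER.match(name)
    if m:
        return m["stem"], m["ext"], int(m["left"]), int(m["done"] or 0)
    stem, dot, ext = name.rpartition(".")
    return (stem, dot + ext, None, None) if dot else (name, "", None, None)

def state(name):
    """good: no counter; indeterminate: tries remain; bad: tries exhausted."""
    left = parse(name)[2]
    if left is None:
        return "good"
    return "bad" if left == 0 else "indeterminate"

def on_boot_attempt(name):
    """Name after the loader selects the entry: one try moves from left to done."""
    stem, ext, left, done = parse(name)
    if not left:  # no counter, or already exhausted (sketch assumption: unchanged)
        return name
    return f"{stem}+{left - 1}-{done + 1}{ext}"

def bless(name):
    """Name after a successful boot: the counter is dropped entirely."""
    stem, ext, _, _ = parse(name)
    return f"{stem}{ext}"

def simulate(name, failed_boots):
    """Apply consecutive failed boot attempts to a freshly installed entry."""
    history = [name]
    for _ in range(failed_boots):
        history.append(on_boot_attempt(history[-1]))
    return history

if __name__ == "__main__":
    # Constructed entry name for a freshly written update with three tries.
    for step in simulate("flatcar-b+3.efi", 4):
        print(f"{step:22} {state(step)}")
```

An updater that has to cover both boot loaders could use the same parsing to tell a counted entry from a blessed one before deciding whether a rollback already happened.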
