On Wed, May 10, 2023, at 7:11 PM, Chris Adams wrote:
> Once upon a time, Chris Murphy <lists(a)colorremedies.com> said:
> > Read-only drivers, which are the only drivers under discussion here, aren't a per
> > se problem because they can't modify the file system. So they have no complaints about
> > that.
> But those read-only drivers are incomplete and problematic, especially
> as filesystems get more complex. I've been bitten before by an
> ill-timed unclean shutdown, where an update was still in the /boot ext4
> journal but not committed, so the system would not boot, because the
> GRUB2 ext4 driver doesn't read the journal.
Right.
But is the program updating /boot doing it correctly? Given the decision to use a
journaled file system but a bootloader that doesn't do journal replay, it means the
program needs to use a write order and sync policy to ensure there's no expectation of
journal replay. Otherwise inevitably it's going to break. So it's a series of
mistakes.
> There should be _less_ put into GRUB2 filesystem support IMHO, not
> more.
> No more complex filesystems; keep /boot something simple like ext2 that
> GRUB2 can reasonably be expected to handle basically 100%, possibly
> mounted read-only during normal operation, mount with "sync", and with
> all updates as atomic as practical.
It still needs the program that modifies /boot to do the updates in the proper sequence.
That's not happening right now so it's a risk no matter the file system. But if
simpler is better, and ext2 is acceptable, then FAT should also be acceptable. It has the
added benefit of all firmware supporting it.
--
Chris Murphy
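The write-order-and-sync discipline Chris Murphy asks of the program updating /boot, as an added example that is not code from this thread: write the new file beside the target, fsync it, rename it over the target, then fsync the directory, so a bootloader driver finds either the complete old file or the complete new one, never a truncated one. The file name and scratch directory are constructed; note that on ext4 fsync commits the change to the journal, so a driver that never replays the journal still needs the journal flushed before it reads the file (remounting /boot read-only after the update, as suggested above, has that effect).

```python
import os
import tempfile


def atomic_replace(path: str, data: bytes) -> None:
    """Replace `path` so the on-disk state is either the old file or the
    complete new file, never a half-written or truncated one.

    Order matters: temp file -> fsync(file) -> rename -> fsync(dir).
    The rename is atomic and happens only after the new contents are
    durable; the directory fsync makes the rename itself durable.
    """
    directory = os.path.dirname(os.path.abspath(path)) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())   # temp file data and inode on disk
        os.rename(tmp, path)       # atomic switch: old or new, never mixed
        dfd = os.open(directory, os.O_RDONLY)
        try:
            os.fsync(dfd)          # directory entry change made durable
        finally:
            os.close(dfd)
    except BaseException:
        try:
            os.unlink(tmp)         # leave no partial file behind on failure
        except FileNotFoundError:
            pass
        raise


def demo() -> dict:
    """Constructed run in a scratch directory standing in for /boot."""
    with tempfile.TemporaryDirectory() as boot:
        cfg = os.path.join(boot, "grub.cfg")   # constructed file name
        atomic_replace(cfg, b"set default=0\n")
        atomic_replace(cfg, b"set default=1\n")
        with open(cfg, "rb") as f:
            content = f.read()
        leftovers = [n for n in os.listdir(boot) if n != "grub.cfg"]
    return {"content": content, "leftovers": leftovers}


if __name__ == "__main__":
    print(demo())
```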