On Wed, 2023-05-10 at 18:46 +0200, Lennart Poettering wrote:
On Mi, 10.05.23 11:20, Simo Sorce (simo(a)redhat.com) wrote:
> It sounds reasonable for sure.
> The only concern is, given Microsoft creates at most 500MB ESP
> partitions, are we sure all UEFI systems out there will not choke on a
> 1GB one?
Well, I don't really think we have a reason to believe that a 1G ESP
was any more problematic than a 0.1G ESP. I am not aware of any
reports, and given that FAT32 is mandated by UEFI since basically
always, I think there's no immediate reason to believe we are in
trouble.
I think the only reasonable approach here is to pick a larger default
in a development distro, and collect feedback.
> Can't we reduce the number of kernels by having *only* one UKI and a
> rescue one that can be used to restore the previous working UKI from
> /root if the active one fails?
I'd kill the rescue concept as a separate kernel. Pre-compiled UKIs
provided by Fedora should be comprehensive and suitable enough to be
rescue images, I don't see why we need a second version of that. The
only difference between a rescue boot and a regular boot should be one
of parameterization, not of picking different kernel.
The next paragraph you cut off was proposing just that :-)
The reason why I still mentioned the rescue kernel is, as Dan mentioned
that in order to use a single UKI for both regular and rescue function
we'd need to be able to select between multiple signed command lines.
Once that is possible, I definitely would go with A/B images and stop
relying on years old rescue kernels as fallback.
Simo.
Lennart
--
Lennart Poettering, Berlin
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc