Re: [PATCH] Allow to add/change menu entry class defaults.

[Andrei Borzenkov]

On Wed, Dec 23, 2015 at 11:54 PM, Robin Schneider <address@hidden> wrote:
> Thanks for the input. I agree that my first patch was probably a bit to
> flexible. I attached a updated patch.
>

I'm still unsure what problem it tries to solve and whether it solves
problem it intends to solve.

So you say

> Useful for changing the default access level for menu entries when using
> GRUBs password protection feature.

a) This does not change any "access level" whatever it means. It only
changes what icon is displayed for menu entry.

b) it is all or nothing. The first found icon is used so either all
menu entries are displayed with "need authentication" or none.

c) if it is all or nothing then the same can trivially be implemented
by replacing one set of icons ("unlocked") with another set of icons
("locked") during bootloader reconfiguration. This should be done by
tool you use to configure bootloader, grub-mkconfig has no knowledge
about access restrictions anyway.

So either it is trivially implemented without any need to change
grub-mkconfig or it does not solve the problem anyway.

But idea itself is actually interesting. Icon manager in grub could
select different icon if menu entry requires authentication. Or it
could display overlay (which is probably better). And it actually can
dynamically decide whether to display this overlay depending on
whether user is already authenticated.

How does it sound?

P.S. current situation with grub-mkconfig I do not like at all. It
became de-facto standard tool to configure GRUB by distributions but
it does not provide any sane way to differentiate between distribution
default vs. local admin configuration. And variables you propose sound
exactly like the type that will hit this confusion. We need to solve
this before.