[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Do grub-mkrescue GPT GUIDs need more entropy than --fs-uuid gets ?
From: |
Thomas Schmitt |
Subject: |
Re: Do grub-mkrescue GPT GUIDs need more entropy than --fs-uuid gets ? |
Date: |
Sun, 14 Aug 2016 10:44:59 +0200 |
Hi,
Andrei Borzenkov wrote:
> as long as generated GUID has reasonable chance to be different from
> any other GUID on the system where ISO was booted, it should be good.
> For GRUB itself it does not matter anyway - it does not use GUID, so FS
> UUID collision is worse problem.
That's the decisive point i gnaw on. Vladimir decided to use the low-entropy
Volume Modification Date as --fs-uuid for grub-mkrescue ISOs. I understand
it uses it for finding the device from where it booted.
But other than with this GRUB specific interpretation, the GPT GUIDs have
a meaning after GRUB completed its work of booting.
Meanwhile i found a strong reason not to rely on the low-entropy ids
by default.
xorriso lists the --modification-date among the -as mkisofs options which
it reports about existing bootable ISOs by:
xorriso -indev some_bootable.iso -report_system_area as_mkisofs
These options are meant for helping to produce modified ISOs with the
same boot equipment as the input ISO.
So this is a use case where an ISO is not identical to its predecessor
but needs to get the same --modification-date, in case GRUB is in the ISO.
This leads me to the decision not to base the GPT GUIDs on
--modification-date by default.
So those who are not in the business of reproducible ISOs will not
experience a change.
For those users for whom it matters i will offer a constant option to use
the modification timestamp:
--gpt_disk_guid modification-date
but also the option to provide an externally generated GUID which gets
generated once in good quality:
$ uuidgen >guid_of_iso
and then re-used as often as needed and appropriate
$ xorriso -as mkisofs ... --gpt_disk_guid $(cat guid_of_iso) ...
--------------------------------------------------------------------------
In order to be able to create reproducible ISOs, grub-mkrescue would need
an option to set a user defined modification date which overrides
/* obtain date-based UUID. */
at
http://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkrescue.c#n541
If EFI boot equipment is generated, the user would have to additionaly
give one of above --gpt_disk_guid options as extra xorrisofs arguments.
Have a nice day :)
Thomas