grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Do grub-mkrescue GPT GUIDs need more entropy than --fs-uuid gets ?


From: Thomas Schmitt
Subject: Re: Do grub-mkrescue GPT GUIDs need more entropy than --fs-uuid gets ?
Date: Sun, 14 Aug 2016 10:44:59 +0200

Hi,

Andrei Borzenkov wrote:
> as long as generated GUID has reasonable chance to be different from
> any other GUID on the system where ISO was booted, it should be good.
> For GRUB itself it does not matter anyway - it does not use GUID, so FS
> UUID collision is worse problem.

That's the decisive point i gnaw on. Vladimir decided to use the low-entropy
Volume Modification Date as --fs-uuid for grub-mkrescue ISOs. I understand
it uses it for finding the device from where it booted.

But other than with this GRUB specific interpretation, the GPT GUIDs have
a meaning after GRUB completed its work of booting.


Meanwhile i found a strong reason not to rely on the low-entropy ids
by default.

xorriso lists the --modification-date among the -as mkisofs options which
it reports about existing bootable ISOs by:

  xorriso -indev some_bootable.iso -report_system_area as_mkisofs

These options are meant for helping to produce modified ISOs with the
same boot equipment as the input ISO.
So this is a use case where an ISO is not identical to its predecessor
but needs to get the same --modification-date, in case GRUB is in the ISO.

This leads me to the decision not to base the GPT GUIDs on
--modification-date by default.
So those who are not in the business of reproducible ISOs will not
experience a change. 

For those users for whom it matters i will offer a constant option to use
the modification timestamp:

  --gpt_disk_guid modification-date

but also the option to provide an externally generated GUID which gets
generated once in good quality:

  $ uuidgen >guid_of_iso

and then re-used as often as needed and appropriate

  $ xorriso -as mkisofs ... --gpt_disk_guid $(cat guid_of_iso) ...

--------------------------------------------------------------------------

In order to be able to create reproducible ISOs, grub-mkrescue would need
an option to set a user defined modification date which overrides
  /* obtain date-based UUID.  */
at
  http://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkrescue.c#n541

If EFI boot equipment is generated, the user would have to additionaly
give one of above --gpt_disk_guid options as extra xorrisofs arguments.


Have a nice day :)

Thomas




reply via email to

[Prev in Thread] Current Thread [Next in Thread]