Re: [PATCH v2] i386-pc: build verifiers API as module

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] i386-pc: build verifiers API as module

From:	Daniel Kiper
Subject:	Re: [PATCH v2] i386-pc: build verifiers API as module
Date:	Mon, 12 Apr 2021 15:15:53 +0200
User-agent:	NeoMutt/20170113 (1.7.2)

On Fri, Mar 26, 2021 at 06:01:01PM +0100, Daniel Kiper wrote:
> On Wed, Mar 24, 2021 at 12:44:52PM +0800, Michael Chang via Grub-devel wrote:
> > On Tue, Mar 23, 2021 at 05:33:12PM +0100, Daniel Kiper wrote:
> > > On Mon, Mar 22, 2021 at 08:45:27PM +0000, Colin Watson wrote:
> >
> > [snip]
> >
> > > > rounds of security megapatches we've also seen that the amount of
> > > > divergence between upstream and various distributions in
> > > > security-critical code is in fact a serious problem that needs to be
> > > > addressed, and so I'm not happy about adding more to it for things that
> > > > touch e.g. the verifiers framework - obviously a security-critical
> > > > component.
> > > >
> > > > However, we probably won't have any choice.  Bugs of the form "I
> > > > couldn't upgrade without reinstalling my entire system" are quite likely
> > > > to be considered critical by any distribution worth its salt, regardless
> > >
> > > How long are you going to support such systems? 1, 5 or 10 years? This
> > > approach makes GRUB upstream as a hostage of small MBR gaps users.
> > > Anyway, I think we have to make users aware that small MBR gaps are not
> > > supported any longer. Otherwise we will be playing whack-a-mole game
> > > which we will loose sooner or later.
> >
> > IMHO It is doing the right thing to declare MBR gap is not supported, it
> > is also doing the right thing to not breaking updates. We are yet to
> > seek out or arrive at right time to have short MBR gap completely out of
> > the game. Maybe a few years later nobody would care as the legacy pc
> > bios is diminishing, or at some point of time everyone here would agree
> > that we really have to blow up the limit in order to move on and convey
> > a clear message that people who is running short mbr gap won't receive
> > grub updates any longer unless they change it - given we have give
> > acceptable grace period for them to do the migration ...
>
> After some thinking it seems to me we can do this. I can take "i386-pc:
> build verifiers API as module", "kern/misc: Move grub_printf_fmt_check
> to gfxmenu" and similar patches into 2.06. I will revert after the
> release all the patches which adds ifdefery or make code ugly and do not
> benefit other platforms than i386-pc. This way you will have support for
> small MBR gaps in 2.06 and I will have clean code after 2.06 release.
>
> Does it work for you guys?

Does anybody care?

Daniel

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v2] i386-pc: build verifiers API as module, Daniel Kiper <=
- Re: [PATCH v2] i386-pc: build verifiers API as module, Michael Chang, 2021/04/13
  - Re: [PATCH v2] i386-pc: build verifiers API as module, Daniel Kiper, 2021/04/14
    - Re: [PATCH v2] i386-pc: build verifiers API as module, Colin Watson, 2021/04/16
    - Re: [PATCH v2] i386-pc: build verifiers API as module, Michael Chang, 2021/04/19
    - Re: [PATCH v2] i386-pc: build verifiers API as module, Daniel Kiper, 2021/04/28

Prev by Date: Re: [PATCH] RISC-V: Restore the typcast to 64bit type
Next by Date: Re: [PATCH] arm/efi: fix ram base detection
Previous by thread: Re: [PATCH] RISC-V: Restore the typcast to 64bit type
Next by thread: Re: [PATCH v2] i386-pc: build verifiers API as module
Index(es):
- Date
- Thread