
On Mon, Sep 5, 2022, at 5:46 AM, Ludwig Nussel wrote:
> Chris Murphy wrote:
>> One hurdle is BLS pretty much obviates the idea of an encrypted $BOOT...[snip]
> As long as we don't secure the whole boot chain using e.g. TPM, it doesn't really matter whether the initrd is within the encrypted volume or not. I think people have a false sense of security with encrypted /boot as it is now. Anyway, yes, initrd authentication needs to be solved at some point to counter evil maid attacks, but it is not a blocker for BLS IMO.
Agreed.
> In general I think we should prepare for BLS/sd-boot. To solve the snapshot issue I made a PoC that hooks into snapper a while ago: https://build.opensuse.org/package/show/home:lnussel:legacyfree/kernel-insta...
At the very least, BLS permits greater flexibility in bootloader selection, while enhancing consistency from the user perspective. Of course not everything can be abstracted at such a low level, but I think it helps users when the user-facing portions of bootloader configuration and logic are the same.
> Works on both traditional systems as well as MicroOS. Here's an image that boots with sd-boot and has snapshot support: https://build.opensuse.org/package/binaries/home:lnussel:legacyfree/openSUSE...
> Also some upstream discussion: https://github.com/systemd/systemd/pull/23841
> In the long run we need some more radical changes though. I don't think /.snapshots, transactional-update and overlayfs hacks to fool packages are things to keep going forward.
Agreed on all these points, except "transactional-update", because I'm not sure exactly what it refers to. Also, I'm seeing more BLS changes in the last few days that aren't yet merged: https://github.com/systemd/systemd/pull/24521/files
-- 
Chris Murphy