grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Remove HFS support

From: Dimitri John Ledkov
Subject: Re: [PATCH] Remove HFS support
Date: Fri, 19 Aug 2022 21:04:19 +0200
There is no need for that code on any signed grubs or upstream. Ports that want to support this patch can have it conditionally compiled / enabled only on that arch, but not other.

For example, in Ubuntu we already use separate builds for signed & unsigned bootloaders. Or one may keep grub-2.06 as separate source package. It's not like those old platforms need any new features in the bootloader ever again.

The issue of insecure code is for signed bootloaders. Because there is a separate level of protection that prevents replacing arbitrary bootloaders (whilst potentially allow downgrade/upgrade attacks). Thus a responsible upstream should drop this code.

On Fri, 19 Aug 2022, 20:39 John Paul Adrian Glaubitz, <glaubitz@physik.fu-berlin.de> wrote:
On 8/19/22 20:09, Steve McIntyre wrote:
> On Fri, Aug 19, 2022 at 04:03:38PM +0200, John Paul Adrian Glaubitz wrote:
>>> On Aug 19, 2022, at 3:59 PM, Daniel Kiper <dkiper@net-space.pl> wrote:
>>>
>>> If I do not hear any major objections in the following weeks I will
>>> merge this patch or a variant of it in the second half of September.
>>
>> We’re still formatting our /boot partitions for Debian PowerPC for
>> PowerMacs using HFS, so this change would be a breaking change for
>> us.
>>
>> So, that would be a no from Debian’s side.
>
> Not so fast please, Adrian. At the risk of sounding harsh, non-release
> old ports like powerpc *really* don't get to dictate things in Debian
> terms.

Add "Ports" to this.

> As Daniel Axtens has been finding out, the HFS code is terrible in
> terms of security. If you still need it for old/semi-dead machines,
> maybe you should fork an older grub release and stay with that?

I don't know what should be the deal with the security of a boot loader
to be honest. If someone has access to your hardware so they can control
your bootloader, you have much worse problems anyway.

Forking is also a terrible idea as every forked package means having to
track it manually.

Adrian

--
  .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]