From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1lPqAv-0002JM-4y for mharc-grub-devel@gnu.org; Fri, 26 Mar 2021 13:23:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41598) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lPqAt-0002HP-B8 for grub-devel@gnu.org; Fri, 26 Mar 2021 13:23:07 -0400 Received: from dibed.net-space.pl ([84.10.22.86]:43876) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_3DES_EDE_CBC_SHA1:192) (Exim 4.90_1) (envelope-from ) id 1lPqAr-00062O-ME for grub-devel@gnu.org; Fri, 26 Mar 2021 13:23:07 -0400 Received: from router-fw.i.net-space.pl ([192.168.52.1]:54962 "EHLO tomti.i.net-space.pl") by router-fw-old.i.net-space.pl with ESMTP id S2098322AbhCZRXA (ORCPT ); Fri, 26 Mar 2021 18:23:00 +0100 X-Comment: RFC 2476 MSA function at dibed.net-space.pl logged sender identity as: dkiper Date: Fri, 26 Mar 2021 18:22:58 +0100 From: Daniel Kiper To: Michael Chang Cc: grub-devel@gnu.org, Colin Watson , Marco A Benatto , Javier Martinez Canillas Subject: Re: [PATCH v2] i386-pc: build verifiers API as module Message-ID: <20210326172258.3ynmico4odlgirfo@tomti.i.net-space.pl> References: <20210318113026.24963-1-mchang@suse.com> <20210322152000.ebheegnkkhpqa4d3@tomti.i.net-space.pl> <20210323041621.GA4480@mercury> <20210323164801.ct2qdfyk3zw55rfs@tomti.i.net-space.pl> <20210324035056.GA4620@mercury> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210324035056.GA4620@mercury> User-Agent: NeoMutt/20170113 (1.7.2) Received-SPF: pass client-ip=84.10.22.86; envelope-from=dkiper@net-space.pl; helo=dibed.net-space.pl X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2021 17:23:07 -0000 On Wed, Mar 24, 2021 at 11:50:56AM +0800, Michael Chang wrote: > On Tue, Mar 23, 2021 at 05:48:01PM +0100, Daniel Kiper wrote: > > On Tue, Mar 23, 2021 at 12:16:21PM +0800, Michael Chang via Grub-devel wrote: > > > On Mon, Mar 22, 2021 at 04:20:00PM +0100, Daniel Kiper wrote: > > > > On Thu, Mar 18, 2021 at 07:30:26PM +0800, Michael Chang via Grub-devel wrote: > > [snip] > > > IIRC I was looking at this patch a few weeks ago but decided to not take > > it because the changes are too intrusive for freeze stage. Though I can > > reconsider it once again if you think it is worth of it... > > Yes please ... It is indeed a bit instrusive, but neverthelast it is > also worth the effort to integrate a method that will help to improve > integrity of the grub installation. OK, I will take a look at it once again. > At present the procedure of module and image install is not atomic, so > the system may suffer from booting in unspecified state if the process > aborted prematurely in the halfway. A promising solution to revert the > unspecified state to the original one is therefore very much desired and > will benefit us in the log run ... > > > > Afterall, keeping existing running system to survive update (NOT new > > > install) is really an important thing as many can't afford that to > > > happen. If we can make it any better to reduce the cost please consider > > > to do it. It doesn't conflict with the purpose to stop the short mbr gap > > > support, given we all know the broken system can be avoided in the first > > > place ... > > > > This makes sense for me and I am OK with hardening the upgrade path. > > However, I think it is post release work... > > Thanks for taking the patch into consideration. Your plan also looks > good to me. Great! Thanks, Daniel