From: Dimitri John Ledkov
Date: Fri, 19 Aug 2022 21:04:19 +0200
Subject: Re: [PATCH] Remove HFS support
To: The development of GNU GRUB
Cc: Steve McIntyre, Daniel Axtens

There is no need for that code on any signed grubs or upstream. Ports that
want to support this patch can have it conditionally compiled / enabled
only on that arch, but not other.

For example, in Ubuntu we already use separate builds for signed & unsigned
bootloaders. Or one may keep grub-2.06 as separate source package. It's not
like those old platforms need any new features in the bootloader ever again.

The issue of insecure code is for signed bootloaders. Because there is a
separate level of protection that prevents replacing arbitrary bootloaders
(whilst potentially allow downgrade/upgrade attacks). Thus a responsible
upstream should drop this code.

On Fri, 19 Aug 2022, 20:39 John Paul Adrian Glaubitz, <glaubitz@physik.fu-berlin.de> wrote:

> On 8/19/22 20:09, Steve McIntyre wrote:
> > On Fri, Aug 19, 2022 at 04:03:38PM +0200, John Paul Adrian Glaubitz wrote:
> >>> On Aug 19, 2022, at 3:59 PM, Daniel Kiper <dkiper@net-space.pl> wrote:
> >>>
> >>> If I do not hear any major objections in the following weeks I will
> >>> merge this patch or a variant of it in the second half of September.
> >>
> >> We’re still formatting our /boot partitions for Debian PowerPC for
> >> PowerMacs using HFS, so this change would be a breaking change for
> >> us.
> >>
> >> So, that would be a no from Debian’s side.
> >
> > Not so fast please, Adrian. At the risk of sounding harsh, non-release
> > old ports like powerpc *really* don't get to dictate things in Debian
> > terms.
>
> Add "Ports" to this.
>
> > As Daniel Axtens has been finding out, the HFS code is terrible in
> > terms of security. If you still need it for old/semi-dead machines,
> > maybe you should fork an older grub release and stay with that?
>
> I don't know what should be the deal with the security of a boot loader
> to be honest. If someone has access to your hardware so they can control
> your bootloader, you have much worse problems anyway.
>
> Forking is also a terrible idea as every forked package means having to
> track it manually.
>
> Adrian
>
> --
>  .''`.  John Paul Adrian Glaubitz
> : :' :  Debian Developer
> `. `'   Physicist
>   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913