On Wed, Dec 01, 2021 at 04:53:20PM -0500, Colin Walters wrote: > > > On Wed, Dec 1, 2021, at 4:34 PM, Chris Adams wrote: > > Once upon a time, Colin Walters <walt...@verbum.org> said: > >> https://github.com/coreos/fedora-coreos-config/commit/eb74f2ea3e9b453902315539e4f327481162c4f8 > > > > Missed this message earlier... this seems like this should be the > > default on pretty much all Fedora setups, with documentation on how to > > change it if you secure the boot loader. > > Yeah, I agree. Also related is > https://github.com/coreos/fedora-coreos-tracker/issues/134 > > Basically systemd doesn't know whether or not the bootloader is locked. > Longer term, perhaps there could be some standard variable for this passed > from the bootloader to kernel/systemd that says whether or not the bootloader > allows unauthenticated interactive keyboard changes (as grub does on default > Fedora setups). If it does, we can just unceremoniously drop to a root shell.
I've submitted https://fedoraproject.org/wiki/Changes/FixRescueMode to make this default on Fedora setups (it should be officially announced by Monday). I'm interested in the longer-term followup too - should we discuss that separately and cc: grub and systemd development lists? Best, -- Michel Alexandre Salim profile: https://keyoxide.org/mic...@michel-slm.name
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
