On Wed, Dec 01, 2021 at 04:53:20PM -0500, Colin Walters wrote:
> 
> 
> On Wed, Dec 1, 2021, at 4:34 PM, Chris Adams wrote:
> > Once upon a time, Colin Walters <walt...@verbum.org> said:
> >> https://github.com/coreos/fedora-coreos-config/commit/eb74f2ea3e9b453902315539e4f327481162c4f8
> >
> > Missed this message earlier... this seems like this should be the
> > default on pretty much all Fedora setups, with documentation on how to
> > change it if you secure the boot loader.
> 
> Yeah, I agree.  Also related is
> https://github.com/coreos/fedora-coreos-tracker/issues/134
> 
> Basically systemd doesn't know whether or not the bootloader is locked.
> Longer term, perhaps there could be some standard variable for this passed 
> from the bootloader to kernel/systemd that says whether or not the bootloader 
> allows unauthenticated interactive keyboard changes (as grub does on default 
> Fedora setups).  If it does, we can just unceremoniously drop to a root shell.

I've submitted https://fedoraproject.org/wiki/Changes/FixRescueMode to
make this default on Fedora setups (it should be officially
announced by Monday).

I'm interested in the longer-term followup too - should we discuss that
separately and cc: grub and systemd development lists?

Best,

-- 
Michel Alexandre Salim
profile: https://keyoxide.org/mic...@michel-slm.name

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to