Hi,

I would like to discuss the following idea:

Assume a system where efibootguard (ebg) is installed. The system
contains two config partitions and ebg expects exactly two.

Now assume the user did something wrong and destroyed both root file
systems. Then efibootguard will boot the kernel, which then panics, and
the user has no access anymore.

If, however, the user generates an alternative boot medium with ebg as
well, the config partitions on the device are also detected, and ebg from
the alternative boot medium detects more than two environments and
refuses to boot as well.

This is expected behavior for security reasons: if the internal ebg
booted and a user added a stick with a contaminated environment, then
the internal ebg could boot this environment if the number of
environments were not fixed to the expected one.

The only solution at the moment is to use a boot medium with an
alternative boot loader.

A nicer idea, however, could be to add a new configure option to
configure efibootguard with a fixed internal environment. This way, it
might be easier for a user to generate a recovery stick.

Like ./configure --with-failsafe-env

The kernel could then just be sought on the efibootguard partition.

Opinions?

Cheers,
Andreas

-- 
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant

[email protected], +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082

-- 
You received this message because you are subscribed to the Google Groups "EFI 
Boot Guard" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/efibootguard-dev/20180322102450.GA22152%40iiotirae.
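The security argument in the post (a loader that picks the "best" environment by revision can be hijacked by a foreign config partition unless the number of environments is pinned) can be shown with a small simulation. The following C sketch is an added illustration and is not efibootguard's own code: the `bg_env` structure, the "highest revision wins" selection rule, the `EXPECTED_ENVS` constant and the sample devices, revisions and kernel paths are all constructed assumptions for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed for this illustration: the loader expects exactly two environments. */
#define EXPECTED_ENVS 2
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed model of one config partition ("environment"). */
typedef struct {
    const char *device;   /* label for where the config partition was found */
    unsigned revision;    /* assumed rule: the highest revision is booted */
    const char *kernel;   /* kernel the environment points at */
} bg_env;

typedef enum {
    SEL_OK = 0,
    SEL_ENV_COUNT_MISMATCH,   /* refuse to boot: detected count != expected */
    SEL_NO_ENV                /* nothing to boot */
} sel_status;

/* Index of the environment with the highest revision, or -1 if none. */
static int pick_highest_revision(const bg_env *envs, size_t n)
{
    int best = -1;
    for (size_t i = 0; i < n; i++)
        if (best < 0 || envs[i].revision > envs[best].revision)
            best = (int)i;
    return best;
}

/* With enforce_count set, any deviation from the expected number of
 * environments is a refusal to boot; without it, the loader just takes
 * the highest revision it can see, wherever that partition lives. */
sel_status select_boot_env(const bg_env *envs, size_t n, size_t expected,
                           int enforce_count, int *chosen)
{
    *chosen = -1;
    if (enforce_count && n != expected)
        return SEL_ENV_COUNT_MISMATCH;
    *chosen = pick_highest_revision(envs, n);
    return *chosen < 0 ? SEL_NO_ENV : SEL_OK;
}

/* Constructed sample data: the two internal environments, and the same
 * two plus a USB stick whose environment carries an inflated revision so
 * that it would win selection if it were allowed to take part. */
static const bg_env internal[] = {
    { "internal-A", 10,  "/EFI/A/vmlinuz" },
    { "internal-B", 11,  "/EFI/B/vmlinuz" },
};
static const bg_env with_stick[] = {
    { "internal-A", 10,  "/EFI/A/vmlinuz" },
    { "internal-B", 11,  "/EFI/B/vmlinuz" },
    { "usb-stick",  999, "/EFI/contaminated/vmlinuz" },
};

/* Scenario helpers returning the chosen index (-1 means "refused"). */
int demo_internal_only(void)
{
    int c;
    select_boot_env(internal, ARRAY_SIZE(internal), EXPECTED_ENVS, 1, &c);
    return c;   /* 1: internal-B, the higher internal revision */
}
int demo_stick_unenforced(void)
{
    int c;
    select_boot_env(with_stick, ARRAY_SIZE(with_stick), EXPECTED_ENVS, 0, &c);
    return c;   /* 2: the stick's environment is booted */
}
int demo_stick_enforced(void)
{
    int c;
    select_boot_env(with_stick, ARRAY_SIZE(with_stick), EXPECTED_ENVS, 1, &c);
    return c;   /* -1: refused because three environments were found */
}
sel_status demo_stick_enforced_status(void)
{
    int c;
    return select_boot_env(with_stick, ARRAY_SIZE(with_stick), EXPECTED_ENVS, 1, &c);
}

int main(void)
{
    int i = demo_internal_only();
    printf("internal only      -> %s\n", internal[i].kernel);
    i = demo_stick_unenforced();
    printf("stick, no count    -> %s\n", with_stick[i].kernel);
    printf("stick, count fixed -> chosen=%d status=%d\n",
           demo_stick_enforced(), (int)demo_stick_enforced_status());
    return 0;
}
```

The same check is what blocks the recovery stick described in the post: from the loader's point of view a legitimate rescue medium and a contaminated one both simply raise the environment count above the expected value, which is why a recovery loader built with a fixed internal environment would have to ignore the on-device config partitions altogether rather than relax the count.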