"Vladimir 'phcoder' Serbinenko" writes:
> Le ven. 26 août 2022, 15:47, Daniel Axtens a écrit :
>
>> Let me answer this out of order.
>>
>> > I understand the need to sometimes get rid of old code, but since the HFS
>> > module can be blacklisted as Vladimir explains, I don't really understand
John Paul Adrian Glaubitz writes:
> On 8/30/22 18:37, Robbie Harwood wrote:
>
>> As the person currently responsible for the Red Hat tree: I am also
>> not happy about this state of affairs.
>
> I don't want to sound rude, but GRUB isn't a RedHat-only project, it's a
> community project.
"Vladimir 'phcoder' Serbinenko" writes:
> Le ven. 26 août 2022, 15:47, Daniel Axtens a écrit :
>
>> Let me answer this out of order.
>>
>>> I understand the need to sometimes get rid of old code, but since
>>> the HFS module can be blacklisted as Vladimir explains, I don't
>>> really understand
On 8/30/22 18:37, Robbie Harwood wrote:
As the person currently responsible for the Red Hat tree: I am also not
happy about this state of affairs.
I don't want to sound rude, but GRUB isn't a RedHat-only project, it's a
community project. So, while I understand RH's point of view, I would also
Daniel Axtens writes:
>>> Have you checked that you can't boot them with HFS+? Because HFS+
>>> came in 1998, which was (AFAICT) pretty early on in the G3
>>> lifecycle. So I'd be really surprised if the firmware didn't support
>>> booting from HFS+. I'd be very keen to hear.
>>
>> I have not
Le ven. 26 août 2022, 17:46, John Paul Adrian Glaubitz <
glaub...@physik.fu-berlin.de> a écrit :
> Hi Vladimir!
>
> On 8/19/22 21:01, Vladimir 'phcoder' Serbinenko wrote:
> > But booting old machines is still desirable for GRUB. Is there a reason
> why
> > HFS is actively bad for modern machines?
Hi Vladimir!
On 8/19/22 21:01, Vladimir 'phcoder' Serbinenko wrote:
But booting old machines is still desirable for GRUB. Is there a reason why
HFS is actively bad for modern machines? Especially if it's disabled in case
of lockdown.
Can I have more details about your security concerns? I may
On 8/26/22 15:31, Daniel Axtens wrote:
I want _all_ grub code to reach a minimum standard of not crashing or
corrupting memory in the presence of malicious input. HFS does not reach
that standard.
I surely understand that although it sounds a little academic to me.
Whether or not the HFS
Let me answer this out of order.
> I understand the need to sometimes get rid of old code, but since the HFS
> module can be blacklisted as Vladimir explains, I don't really understand
> the reasoning in this particular case.
I want _all_ grub code to reach a minimum standard of not crashing or
On 8/20/22 15:53, Daniel Axtens wrote:
Really, plain HFS, not HFS+? Wowsers!
Yes, we're currently using HFS.
Just to be clear, by PowerMacs you mean Macs with PowerPC chips, so
machines last produced around 2006?
Yes.
Have you checked that you can't boot them with HFS+? Because HFS+
came
Hi Vladimir!
On 8/19/22 21:45, Vladimir 'phcoder' Serbinenko wrote:
This kind of consideration was taken into account when designing security
system and
even when GRUB2 itself was designed. The solution is modules whitelist. There
are many
modules that can be dropped from signed build not
Hello!
On 8/19/22 21:04, Dimitri John Ledkov wrote:
There is no need for that code on any signed grubs or upstream. Ports that want
to
support this patch can have it conditionally compiled / enabled only on that
arch,
but not other.
That's not how open source works. Individual projects do
"Vladimir 'phcoder' Serbinenko" writes:
> No go from me either. Older macs may not be able to read HFS+ /boot. Also
> HFS+ presents couple of problems the biggest one is that in case of sudden
> reboot HFS+ often needs to be mounted by OSX or cleaning dirty flag
> manually before it becomes
>> As Daniel Axtens has been finding out, the HFS code is terrible in
>> terms of security. If you still need it for old/semi-dead machines,
>> maybe you should fork an older grub release and stay with that?
>
> I don't know what should be the deal with the security of a boot loader
> to be
"Vladimir 'phcoder' Serbinenko" writes:
> Le ven. 19 août 2022, 21:05, Dimitri John Ledkov <
> dimitri.led...@canonical.com> a écrit :
>
>> There is no need for that code on any signed grubs or upstream. Ports that
>> want to support this patch can have it conditionally compiled / enabled
>>
John Paul Adrian Glaubitz writes:
>> On Aug 19, 2022, at 3:59 PM, Daniel Kiper wrote:
>>
>> On Fri, Aug 19, 2022 at 11:38:26PM +1000, Daniel Axtens wrote:
>>> HFS is so so very old now. According to Wikipedia, HFS was
>>> introduced in 1985 and the successor HFS+ came out in January
>>> 1998.
Le ven. 19 août 2022, 21:05, Dimitri John Ledkov <
dimitri.led...@canonical.com> a écrit :
> There is no need for that code on any signed grubs or upstream. Ports that
> want to support this patch can have it conditionally compiled / enabled
> only on that arch, but not other.
>
> For example, in
There is no need for that code on any signed grubs or upstream. Ports that
want to support this patch can have it conditionally compiled / enabled
only on that arch, but not other.
For example, in Ubuntu we already use separate builds for signed & unsigned
bootloaders. Or one may keep grub-2.06
Le ven. 19 août 2022, 20:11, Steve McIntyre a écrit :
> On Fri, Aug 19, 2022 at 04:03:38PM +0200, John Paul Adrian Glaubitz wrote:
> >> On Aug 19, 2022, at 3:59 PM, Daniel Kiper wrote:
> >>
> >> If I do not hear any major objections in the following weeks I will
> >> merge this patch or a
On 8/19/22 20:09, Steve McIntyre wrote:
On Fri, Aug 19, 2022 at 04:03:38PM +0200, John Paul Adrian Glaubitz wrote:
On Aug 19, 2022, at 3:59 PM, Daniel Kiper wrote:
If I do not hear any major objections in the following weeks I will
merge this patch or a variant of it in the second half of
On Fri, Aug 19, 2022 at 04:03:38PM +0200, John Paul Adrian Glaubitz wrote:
>> On Aug 19, 2022, at 3:59 PM, Daniel Kiper wrote:
>>
>> If I do not hear any major objections in the following weeks I will
>> merge this patch or a variant of it in the second half of September.
>
>We’re still
No go from me either. Older macs may not be able to read HFS+ /boot. Also
HFS+ presents couple of problems the biggest one is that in case of sudden
reboot HFS+ often needs to be mounted by OSX or cleaning dirty flag
manually before it becomes writeable.
Le ven. 19 août 2022, 16:05, John Paul
> On Aug 19, 2022, at 3:59 PM, Daniel Kiper wrote:
>
> On Fri, Aug 19, 2022 at 11:38:26PM +1000, Daniel Axtens wrote:
>> HFS is so so very old now. According to Wikipedia, HFS was
>> introduced in 1985 and the successor HFS+ came out in January
>> 1998. Mac OS dropped support for writing HFS
On Fri, Aug 19, 2022 at 11:38:26PM +1000, Daniel Axtens wrote:
> HFS is so so very old now. According to Wikipedia, HFS was
> introduced in 1985 and the successor HFS+ came out in January
> 1998. Mac OS dropped support for writing HFS in 2009 and dropped
> support for reading HFS in 2019 with
HFS is so so very old now. According to Wikipedia, HFS was
introduced in 1985 and the successor HFS+ came out in January
1998. Mac OS dropped support for writing HFS in 2009 and dropped
support for reading HFS in 2019 with macOS 10.15.
Grub's support for it doesn't survive contact with a fuzzer,
25 matches
Mail list logo