Topic: Poetteringd wants to "improve" the boot process

Poetteringd wants to "improve" the boot process

I've just read this article. Although I don't have enough experience in the topic, I don't know if this is a good idea, based on the fame he's got by making disruptive changes to the ecosystem.

https://0pointer.de/blog/brave-new-trusted-boot-world.html

Artix Linux Colombia

Re: Poetteringd wants to "improve" the boot process

Reply #1
Well, you already massively improved the boot process by not using sysd, and having a quick skim through the article, the bit that sticks out is under "Proposed Implementations & Current Status", multiple references to sysd tools. Basically, not a particularly good idea (and seriously doubt it would be better after all the changes on a sysd machine, compared to a non-sysd machine anyway). That's my take on it. Avoid like the plague!

Re: Poetteringd wants to "improve" the boot process

Reply #2
What I really worry about is whether we have to depend on other systemd-crapd components and make more fragmentation.
Artix Linux Colombia

Re: Poetteringd wants to "improve" the boot process

Reply #3
It does raise some good points (namely, even if you enable all of UEFI's security features, attackers can still replace initrd). If you trust UEFI and "evil initrd" is a concern, it's really an improvement.

Remote attestation would also be useful for corporations (either quick-checking if nobody's bugged their machines, or checking if desktop users haven't tampered with the kernel to get around DRM — the latter is why Linux users are given lower quality streams in Netflix/Amazon Prime/etc.).

Of course, "people will bug your machine when you aren't looking" isn't a reasonable concern for most Linux users (I guess most disable UEFI security outright since it locks you into MS Windows by default), and it'd lock you out of non-distro-approved custom kernels.

Quote
under "Proposed Implementations & Current Status", multiple references to sysd tools.

This and a few other posts "for security/simplicity (lol)/reproducibility" by Lennart Poettering pretty much imply that you should turn your distro into Fedora Silverblue and restructure your file system layout and package management around systemd.

Re: Poetteringd wants to "improve" the boot process

Reply #4
Grandmaster Pottering and his groupies seem to think that admins have nothing better to do than constantly swap network cards and boot their machines.

When I read articles describing that tomorrow everything has to be done differently than today or yesterday, I always think of the Linus.T gesture towards Nvidia.
Because contrary to what certain umbrella companies constantly claim, there are a lot of things that can't be done better.
"He who can do everything does nothing right"

Artix USE="runit openrc slim openbox lxde gtk2 qt4 qt5 qt6 conky
-gtk3 -gtk4 -adwaita{cursors,themes,icons} -gnome3 -kde -plasma -wayland "

Re: Poetteringd wants to "improve" the boot process

Reply #5
Quote
Grandmaster Pottering and his groupies seem to think that admins have nothing better to do than constantly swap network cards and boot their machines.

That *they have nothing better to do than constantly swap stuff around ;D
Because only someone with free time on his hands comes up with stuff like this.

Re: Poetteringd wants to "improve" the boot process

Reply #6
Corporations are the new feudal lords.
Cat Herders of Linux

 

Re: Poetteringd wants to "improve" the boot process

Reply #7
Quote
I've just read this article. Although I don't have enough experience in the topic, I don't know if this is a good idea, based on the fame he's got by making disruptive changes to the ecosystem.

https://0pointer.de/blog/brave-new-trusted-boot-world.html



Oh Lord of the Keyrings on high, have I got bad news for you: the word trust is nowhere to be found in my security dictionary.


Who, has loved us more?