Date: Mon, 30 Mar 2020 10:16:13 +0300 From: Konstantin Belousov <kib@freebsd.org> To: Nathan Whitehorn <nwhitehorn@freebsd.org> Cc: "Simon J. Gerraty" <sjg@juniper.net>, Kyle Evans <kevans@freebsd.org>, Rebecca Cran <rebecca@bsdio.com>, Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, FreeBSD Current <freebsd-current@freebsd.org>, bsd-lists@bsdforge.com Subject: Re: When will the FreeBSD (u)EFI work? Message-ID: <20200330071613.GF1992@kib.kiev.ua> In-Reply-To: <18df34fe-6256-6e68-ead5-481e83a501fe@freebsd.org> References: <318FDBAF-448F-4C55-A9A8-69D71A73E43B@me.com> <344e85545cfc47c9835fc5918e5b1dc1@udns.ultimatedns.net> <20200329211137.012a8fd62b58525b027bcfb6@dec.sakura.ne.jp> <40bacb99-d463-cbad-3ccf-b3ddd6856d10@bsdio.com> <CACNAnaF-5ZD-9Cu%2BBrNtWE-LCZsbhzoW=CwcLVZ-JGMM1QdVkQ@mail.gmail.com> <675a41c7-46c1-f548-b285-e5ede55db76a@freebsd.org> <16728.1585537356@kaos.jnpr.net> <18df34fe-6256-6e68-ead5-481e83a501fe@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Mar 29, 2020 at 08:11:16PM -0700, Nathan Whitehorn wrote: > > > On 2020-03-29 20:02, Simon J. Gerraty wrote: > > Nathan Whitehorn <nwhitehorn@freebsd.org> wrote: > >> It's basically this that has been the problem: we need a way to manage > >> updates of the EFI loader in this situation, which we don't currently > >> have. The ESP needs to be mounted at a standard point, > >> installworld/freebsd-update/etc. need to know to replace files there, we > >> need to fall back cleanly on older systems, etc. The original (failed -- > > Actually if you are doing secure boot, the *last* thing you want is to > > update /efi/boot with an unsigned update. > > > > So I would think it should be done as a unique operation - do you don't > > do it accidentally. > > > > At least that's how I'm handling it for embedded devices. > > _______________________________________________ > > freebsd-current@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-current > > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > > > > The problem then is that we have treated loader as a > continuously-updatable part of the OS, like the kernel, and the update > system and development process assumes they get updated in sync. I do not see problems with boot1.efi. I use it in a way you described: I put it on ESP (in fact manually, but it does not matter) and only update loader.efi on /root. This works quite satisfactory for my updates 11->12-13 CURRENT and stable. I would highly prefer this model was not broken, whatever additional update options for loader are added. It is zero-maintaince for me.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200330071613.GF1992>