You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Maybe this is an example of seeing everything as a nail since we have a big hammer in objcopy.
I added support for stubby to use an 'allowed list' of command line arguments .
I occurs to me that that is a thing that might likely be changed (as it is, there is 'root=atomix' allowed, which is clearly not general purpose).
Should we allow putting that white list into the stubby.efi via objcopy? Then whoever is putting together a kernel/initrd can make the decision of what is acceptable. Ultimately, the list is signed by the signer, so its up to them what they want to do anyway.
I am somewhat weary of this running amuck into a general purpose "stuff configuration into stubby.efi" mechanism.
Thoughts?
Scott
The text was updated successfully, but these errors were encountered:
Maybe this is an example of seeing everything as a nail since we have a big hammer in
objcopy
.I added support for stubby to use an 'allowed list' of command line arguments .
I occurs to me that that is a thing that might likely be changed (as it is, there is 'root=atomix' allowed, which is clearly not general purpose).
Should we allow putting that white list into the stubby.efi via objcopy? Then whoever is putting together a kernel/initrd can make the decision of what is acceptable. Ultimately, the list is signed by the signer, so its up to them what they want to do anyway.
I am somewhat weary of this running amuck into a general purpose "stuff configuration into stubby.efi" mechanism.
Thoughts?
Scott
The text was updated successfully, but these errors were encountered: