[syslinux] Embedding com32 modules and ldlinux.sys into one file

[H. Peter Anvin]

On January 19, 2016 12:24:50 PM PST, Tal Lubko <tallubko at yahoo.com> wrote:
>
>
>> -----Original Message-----
>> From: H. Peter Anvin [mailto:hpa at zytor.com]
>> Sent: Tuesday, January 19, 2016 9:17 PM
>> To: Tal Lubko; 'Celelibi'
>> Cc: 'For discussion of Syslinux and tftp-hpa'
>> Subject: Re: [syslinux] Embedding com32 modules and ldlinux.sys into
>> one file
>> 
>> On 01/19/16 00:07, Tal Lubko via Syslinux wrote:
>> >
>> > To summarize the answers, the option I see now are:
>> >
>> > 1) Exposing the bootloader in the BIOS as a (readonly) disk drive
>> using standard BIOS or EFI interfaces (hpa suggestion).
>> > This suggestion looks very promising. It probably requires some
>> changes in the BIOS. I'm not sure if it requires changes in the
>> bootloader.
>> > There is one potential problem I see: the bootloader is stored on
>> some flashrom chip and the Linux image is stored on a different
>storage
>> device.
>> > I think that right now the bootloader assumes they are stored on
>the
>> same storage device. Am I wrong?
>> > If I'm wrong, how do I tell the bootloader to load the Linux image
>> from a different storage device?
>> >
>> 
>> Why do you need this?  This seems like a strange requirement.
>> 
>> Why?  Because you want as much of the boot loader to be upgradable;
>> this is a major reason why doing as little in the hard-to-upgrade
>BIOS
>> makes sense.  If you have another storage device, why not use it?
>> 
>> 	-hpa
>> 
>
>Hi
>Security.
>Tal

I think you might find that security concern seriously misguided.  In fact, there probably is no meaningful security objective that this fulfills.

Secure boot is technically complicated, and again, you may want to simply invoke the Merkel directly as an EFI executable.
-- 
Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.