Michael Stone michael at laptop.org
Thu Aug 27 10:42:12 EDT 2009

>2009/8/27 Martin Langhoff <martin at laptop.org>:
>>> 4. sig02 leases are still unsupported in the latest OpenFirmware, but
>>> it looks like we have renewed interest in getting this finished off,
>>> so no initramfs changes will be needed in this area.
>> Here Daniel skips the fact that there is a homely but IMO valid patch
>> that -- when OFW tells us <activate> -- rechecks the filesystem for a
>> valid lease before trying to activate.
>> This is a good thing if we assume that the initramfs can evolve faster
>> than OFW, and the case "OFW doesn't recognise this sig format but
>> Initramfs does" is a valid one.
>Except, unless I missed something in the last discussion, we don't
>fully understand why the system was ever designed like this. So I'm
>making the assumption that there is something important that we aren't

Here is my recollection of the design thinking at the time:

OFW knows how to examine activation leases as a common-case optimization in
order to try to make booting faster. When OFW doesn't understand or can't find
a lease, it should hand the lease to the (authenticated) initramfs, which is the
last authority on whether or not to hand control to userland.

We picked the initramfs as the site of this authority for three reasons:

   1. because people who can update OFW are scarcer and more frequently on other
      critical paths than people who can update an initramfs

   2. because we have a working limited rollback feature for the
      kernel+initramfs already implemented in the firmware

   3. because it seemed easier to Scott at the time to deal with communications
      with the environment from Linux than from OFW

Regards, and keep up the good work,


P.S. - I will try to make time to assist you with a more serious review per
your earlier request.
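The two-stage check described above (firmware as a fast-path optimisation, initramfs as the final authority that rechecks even when firmware says "activate"), modelled as an added example. This is not OLPC code and not the real lease format: the scheme tags, the JSON payload, the HMAC key and the serial are all constructed for the demo. What it shows is the property the thread argues for: a firmware that does not understand a newer scheme returns "unknown" and defers rather than rejecting, while the initramfs alone decides, and fails closed on anything it cannot verify.

```python
"""Two-stage activation-lease check: firmware fast path, initramfs as final authority."""
import hashlib
import hmac
import json

# Constructed demo key; the real OLPC lease keys and signature format are not on the page.
DEMO_KEY = b"constructed-demo-key-not-a-real-olpc-key"

VALID, INVALID, UNKNOWN = "valid", "invalid", "unknown"


def _mac(scheme, payload, key):
    # Bind the scheme tag into the MAC so a lease cannot be relabelled as another scheme.
    return hmac.new(key, scheme.encode() + b"\0" + payload.encode(), hashlib.sha256).hexdigest()


def make_lease(serial, scheme, key=DEMO_KEY, tamper=False):
    """Build a constructed lease: scheme tag, JSON payload, MAC over both (hypothetical format)."""
    payload = json.dumps({"serial": serial, "expires": "20100101T000000Z"}, sort_keys=True)
    mac = _mac(scheme, payload, key)
    if tamper:
        # Corrupt the payload after signing, as a forged or damaged lease would be.
        payload = payload.replace(serial, "FORGED" + serial)
    return {"scheme": scheme, "payload": payload, "mac": mac}


class LeaseChecker:
    """A verifier that understands only some signature schemes."""

    def __init__(self, name, schemes):
        self.name = name
        self.schemes = set(schemes)

    def check(self, lease, key=DEMO_KEY):
        if lease["scheme"] not in self.schemes:
            return UNKNOWN  # cannot judge this format: defer, do not reject
        expected = _mac(lease["scheme"], lease["payload"], key)
        return VALID if hmac.compare_digest(expected, lease["mac"]) else INVALID


# Firmware lags behind (only "sig01", a hypothetical older scheme); the initramfs,
# which is updated more often, also understands the newer "sig02".
FIRMWARE = LeaseChecker("OFW", {"sig01"})
INITRAMFS = LeaseChecker("initramfs", {"sig01", "sig02"})


def boot(lease):
    """Return (firmware verdict, initramfs verdict, final decision)."""
    fw = FIRMWARE.check(lease)
    # The initramfs rechecks even when firmware already said "activate", so a
    # firmware that is behind (or wrong) never gets the last word.
    ir = INITRAMFS.check(lease)
    decision = "boot userland" if ir == VALID else "refuse"  # fail closed
    return fw, ir, decision


if __name__ == "__main__":
    serial = "SHF00000000"  # constructed placeholder serial
    for label, lease in [
        ("sig01, intact", make_lease(serial, "sig01")),
        ("sig02, intact", make_lease(serial, "sig02")),
        ("sig02, tampered", make_lease(serial, "sig02", tamper=True)),
        ("sig01, tampered", make_lease(serial, "sig01", tamper=True)),
    ]:
        fw, ir, decision = boot(lease)
        print(f"{label:17} firmware={fw:8} initramfs={ir:8} -> {decision}")
```

The "sig02, intact" row is the case Martin describes: OFW reports "unknown", the initramfs verifies it, and the machine boots; a tampered sig02 lease is still refused because the initramfs, not the firmware, decides.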

