[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re-enabling os-prober for live images?

On Mon, Mar 06, 2023 at 02:38:53PM +0000, Steve McIntyre wrote:
> jcc@debian.org wrote:
> >Since the grub 2.06 upload, os-prober is now disabled by default. This 
> >means that other operating systems are no longer detected and added to 
> >grub by default in Debian 12.

> >I haven't followed further on to which solution they went with, but 
> >since it's so late in the development cycle, wouldn't it make sense to 

> I'm also pondering tweaking things in d-i to re-enable os-prober if
> the system looks like it might have some other OS installed. Yes, I
> realise that may sound odd(!), but I can see a number of users
> complaining that their dual-boot system doesn't work any more... :-/

At this point, I'd just enable os-prober unconditionally, and think of a
wrapped solution for the future.  The "disable os-prober" change trades
a major usage regression for hardening an issue that can be trivially
exploited in a number of other ways anyway.

Our current current state of resistance against physical access is bad
enough that _today_ I'd say this sacrifice is not worth it.  I don't quite
see any short-term developments that would improve it (there's plenty of
snakeoil, disturbing DRM schemes, while no one bothers to deploy projects
that'd make physical security friendly to the user.  But /rant.).

Thus my suggestions would be either:
 * just re-enabling os-prober, or
 * checking if we're on an encrypted filesystem.
Your idea of checking whether there's a second OS installed has its merit,
but would mysteriously fail to offer boot choice if we're the old OS (ie,
possibly the one being replaced and kept just in case).

⣾⠁⢠⠒⠀⣿⡁ Q: Is it ok to combine wired, wifi, and/or bluetooth connections
⢿⡄⠘⠷⠚⠋⠀    in wearable computing?
⠈⠳⣄⠀⠀⠀⠀ A: No, that would be mixed fabric, which Lev19:19 forbids.

Reply to: