33 lines
2.1 KiB
Markdown
33 lines
2.1 KiB
Markdown
|
# Limine's Design Philosophy
|
||
|
|
||
|
### Why not support filesystem X or feature Y? (eg: LUKS, LVM)
|
||
|
|
||
|
The idea with Limine is to remove the responsibility of parsing filesystems and formats, aside from the bare minimum necessities (eg: FAT*, ISO9660),
|
||
|
from the bootloader itself.
|
||
|
It is a needless duplication of efforts to have bootloaders support all possible filesystems and formats, and it leads to massive, bloated
|
||
|
bootloaders as a result (eg: GRUB2).
|
||
|
What is needed is to simply make sure the bootloader is capable of reading its own files, configuration, and be able to load kernel/module files
|
||
|
from disk. The kernel should be responsible for parsing everything else as it sees fit.
|
||
|
|
||
|
### What about LUKS? What about security? Encrypt the kernel!
|
||
|
|
||
|
Simply put, this is unnecessary. Putting the kernel/modules in a readable FAT32 partition and letting Limine know about their BLAKE2B checksums
|
||
|
in the config file provides as much security as encrypting the kernel does.
|
||
|
|
||
|
### What? But what if someone modifies the config file! Ha! You clearly have not thought about that!
|
||
|
|
||
|
We have. While this is a pointless effort on legacy x86 BIOS, it is a reasonable expectation on UEFI systems with Secure Boot. Limine provides a
|
||
|
way to modify its own EFI executable to bake in the BLAKE2B checksum of the config file itself. The EFI executable gets then enrolled or otherwise
|
||
|
verified by the Secure Boot loader through, eg., the shim project. This prevents modifications being done to the config file (and in turn the
|
||
|
checksums contained there) from going unnoticed.
|
||
|
|
||
|
### What about ext2/3/4? Why is that supported then?
|
||
|
|
||
|
Simply put, legacy. And because a lot of Linux users expect it to "work that way". It is not unreasonable for ext2/3/4 support to be eventually
|
||
|
dropped.
|
||
|
|
||
|
### But I don't want to have a separate FAT boot partition! I don't want it!!!
|
||
|
|
||
|
Well tough luck. It is `$year_following_2012` now and most PCs are equipped with UEFI and simply won't boot without a FAT EFI system partition
|
||
|
anyways. It is not unreasonable to share the EFI system partition with the OS's /boot and store kernels and initramfses there.
|