Ubuntu possibly removing more Grub features

Just wanted to post this here. Saw this today surrounding Ubuntu's proposed GRUB changes in 26.10.

Streamlining secure boot for 26.10 - Project Discussion / Foundations - Ubuntu Community Hub

They are... controversial, to say the least. It removes so many features that are quite commonly used, that I'm surprised they haven't just decided to switch bootloaders altogether.

It is important to remember that a proposal suggested is not the same as "Being seriously considered."
A person can propose that Snap be removed from Ubuntu; Someone on the internet could see this proposition and say "Ubuntu is thinking about dropping Snap."
We all know Ubuntu is not dropping Snap.

That said; examining Juliank's claims, I literally am going to focus on only one of them since the rest is self-explanatory:

  • We do not use images, but using that in your grub.cfg locally is a massive security risk (if even still allowed)

This is an untrue statement and pure alarmism. By the very way it is written, it is abundantly clear that Juliank is well aware of the fact the statement is untrue, and therefore he pads it with qualifiers like "massive" and "(if even still allowed)".
That last addition is the most glaring. By his own proposal, he must be fully aware that it is still allowed. It is a sensationalist tactic - to suggest it is unthinkable that option has remained this long, even.

And yet... It is completely untrue.

First: These proposals are for Secure Boot Grub.
With this knowledge, we know that this is in relation to Secure Boot being in use.
An Image file, technically, could be exploited by a specially crafted image that acts as a binder for another program, except that deploying it would require Local Root access; And Secure Boot disabled; And Unsigned /boot; all of which are the very things in place to prevent that possible vector.
To put this in perspective, Any file in grub has that "technical" ability. Any.
There are few, if any, documented vulnerabilities in this supposed vector, due to the very fact it is so protected.

This pales in comparison to parsers for filesystems or compressed modules, which are directly read by GRUB at boot.

Logically then, if that vector is so ridiculous; why propose it?
There are three reasons that come to mind that are strong:

  • Conditioning end users to accept Developer Control - Take away features so that the End User gets used to having less control facilitating more feature loss in future (indeed, Juliank touches on this: "but also enable pivoting to new boot solutions in the future.") This also points at asserting Ubuntu Dominance over Flavors and Derivatives; as they would be the most affected, not Ubuntu (By Juliank's own admission that Ubuntu does not use a grub image.)
  • Reducing and Minimizing a workload - Claiming "security" is an easy way to just get approval on doing less work
  • Pure Security with no expense spared - Some in the security sector wear blinders on functionality, focusing on a HyperSecure ethic, without consideration for the ecosystem. It may be Juliank is dramatically pushing for the Moon, expecting a few grains of sand in return. Like a lawsuit requesting a billion dollars in compensation hoping for a couple of million.

The apologies at the end:

Remove btrfs, hfsplus, xfs, zfs

We understand these are controversial options;

When a person admits that they are raising a controversial topic; they also by extension are admitting that they will overstate or inflate their case expecting resistance.
"Controversial" means; We know that the end users; you know... the ones that matter most; Do Not Want This. But we do, so stuff 'em.

3 Likes

Completely agree on basically all your points you've put. I tend to see it as a shoot for the moon type deal as well, seeing as it takes away such basic stuff that I'm just scratching my head as to why not just go further and not support Grub at that point?

There are a lot of discussions going on in the thread itself that bring up a lot of good points as well, including other Ubuntu variant devs, with them concluding the same that these things need to be elaborated on further, rather than just saying "for security" and ending it at that.

Just like things online requiring ID because "think of the children". Because that's definitely the end goal of that...

1 Like

Children are a Massive Security Risk.

3 Likes

I asked myself the same until I read an article that mentioned why not go to systemd-boot, for example. It mentioned that this would be a bad idea because GRUB seems to support EFI and Legacy BIOS, and systemd-boot only supports EFI.

I think the real problem is, many Linux developers got a taste of profits, through backdoor deals. Much like how Microslop caved to Linux, and pushes its Secure Boot on Linux. What I see, and @Aravisian obviously sees, is Linux slowly becoming Microslop. We moved to Linux to get away from them, and end up back where we started. If a Linux developer were not being paid to become corrupt, there would be no motivation to push this level of control on people.

(1) First and foremost, where is Zorin Lite, we were supposed to have one last iteration of Lite. OS 18 released almost 6 months ago?

(2) Will the Zorin team allow Gnome 50 to poison the current distribution of OS 18?

(3) OS 18 is full of issues, and forced Wayland by default, compounds the issues.

(4) What I do know for certain, the Zorins' decisions already lost me, with their decision to get rid of Lite, and if Gnome 50 is allowed, we're going to be done at that point.

I'm already considering Mint as my next logical distro. They have a larger team, that from what I can tell, do a much better job communicating with their userbase, and make better decisions.

I tried POP OS for a year, and I didn't like how they kept pushing latest and greatest, breaking my system, or ensuring older computers couldn't use it. They are at the top of the chopping block, when it comes to pushing Gnome 50, ya well, that ain't gonna work for me.

To wrap this all up, we switched to Linux to have the freedom of choice, not to have the choice taken away from us, so we end up back where we started with Microslop.


2 Likes

Zorin 18 will not get Gnome 50. It will stay on Gnome 46 until the next major release (Zorin 19). Then Gnome 50 will come to us here.

I guess it simply needs more time. The people are already complaining about issues. So, maybe they are taking more time to offer a smoother experience on Lite.