Strange filenames used in XO-4 secure boot path

[dsd]

Q7A13

false to require-signatures
" int:" load-from-list

Tries to boot from int:\4.zip and then int:\run44.zip

Also in this area, OFW r3291 removes support for filenames such as actos.zip, runos.zip, bootfw.zip - it looks like the 4 must now be included. I can see why that is a good idea for bootfw.zip (#12091) but it would be a minor pain to lose the ability to use actos/runos/actrd/runrd - both for the build system, and also annoying for users of e.g. the collection key (to be compatible with all laptops). Could this be revisited to keep "unversioned" act*.zip/run*.zip working? (Maybe it could simply try the versioned ones first?)

[wmb@…]

The "repeating 4's" problem has already been fixed - by svn 3315 on 9/18.

On the "how should it work" front, this is the sort of issue that I personally find so irritating - and that is the nice way of putting it - that I just can't deal with it. No matter what you do, someone will want it to work the other way. So what I propose is that you or some collection of people decide what should happen in every case, write it down in the form of a Wiki page with full rationale, and then when people later complain, we can point them to that page and the bugs they file will be reassigned to you.

Making it work differently for different types of files is do-able, but will be a pain in the ass to code and thus will probably be broken for awhile. This whole security jumble is already a pain in the ass because there are so many cases to consider.

Sorry to be snippy, but like I said, I really really really hate this kind of never-ending tweak-a-thon.

[dsd]

You're right - putting myself in your shoes and trying to write that wiki page made me get to grips with the situation. The decisions on what to support or not seem fairly arbitrary but it isn't as easy as it appears to come up with a final decision.

Anyway, I gave it some thought, thinking about what would be the cleanest and most logical solution, and came up with this: http://wiki.laptop.org/go/Firmware_zip_file_handling

The principles of this design are:

• It does what makes sense first and by default - it looks for machine-suffixed filenames
• It falls back on the old system for backwards compatibility, and for convenience (e.g. 1 collection stick filename works for all laptop models)

The changes needed in bundle-present? are:

• Always look for the version-suffixed filename first
• Always fall back on the unversioned names, even on XO-4

The original headache caused by #12091 is gone, since more recent software builds don't include the firmware image that caused the confusion/conflict. So it is safe to reinstate support for the bootfw.zip name in new firmware builds.

Also, as part of this, I have modified the OS build system to produce version-suffixed filenames (plus compat symlinks for XO-1/XO-1.5). So actually with that fix and your firmware fix, the original issue that caused me to open this bug is gone, but if you would like the opportunity to solidify and document this scheme, here it is :)

[dsd]

Seems to be working as intended with the test firmware q3c09ma. I tested with runos and runrd - with and without the versioned names, and then with both present (the versioned one was preferred). Looking good.

[Quozl]

Daniel, are you okay to close this one given the current releases of Open Firmware?

[dsd]

Yes, thanks.