Alex Zenla 🏳️‍⚧️
@alex.zenla.io
550 followers 630 following 610 posts
Founder & CTO @ Edera; she/her; building simple hypervisor technology for modern workloads; 26 years old. Kindness and empathy matter ❤️ LinkedIn: https://linkedin.com/in/azenla/ GitHub: https://github.com/azenla Follow Edera! @edera.dev
Pinned
alex.zenla.io
I am so thankful to have amazing friends where we mutually trust, communicate, and support each other.

Kindness, empathy, and communication are so important y'all, and we need more of it than ever right now.
alex.zenla.io
Most likely I'm going to add some sort of way to set values based on search criteria, something like

[extractors.boot-disk.disk-uuid]
uuid = "MY_EXT4_BOOT_UUID"

then you will be able to specify a BLS path to generator like

$boot-disk\\loader\\entries

which will be scanned and generate entries
alex.zenla.io
We have ext4 working via efifs!

Now I need to design how to handle multiple filesystems, but once that works, I can move on to BLS support, and then my hope is that I can boot my Fedora install with no options but an ext4 driver, root specification, and BLS generator declaration.
alex.zenla.io
Fedora upgraded from 42 => 43
alex.zenla.io
It is more than possible to do this :D

In fact, at Edera everything, including our hypervisor, is an OCI image. We even have a format for shipping kernels and initramfs.

Give it a few weeks and we will make it happen :D
alex.zenla.io
Next on sprout: filesystem driver loading and auto detection (plus BLS support)

I'm so ready :D
alex.zenla.io
Hello from the first physical system booted via sprout :)
alex.zenla.io
Anyways, I've managed to make Linux load an initramfs that sprout preloads, which means we can start to have fun!
alex.zenla.io
UEFI programming is something I wouldn't wish upon my worst enemy
alex.zenla.io
I am also working on initramfs passing to Linux. I am currently thinking that sprout will support Linux 5.8+ only for EFI handover. The old handover protocol was janky and is deprecated.

Right now Linux can load the initramfs via initrd=\initramfs for the EFI stub, so even without sprout it works!
alex.zenla.io
However, I think for the common case of ext4, we can use pure Rust code in the future and have a read-only FS view and provide the SimpleFilesystem protocol on top of it.
alex.zenla.io
So, let's talk about filesystem drivers!

There is the lovely github.com/pbatard/EfiFs project that is compatible with sprout already and can provide access to every major filesystem, which will let you use mixed partition /boot (/boot and /boot/efi typically)
alex.zenla.io
Sadly a bit sick after our Edera offsite last week, so I'm recovering by working on sprout!

Currently tracking down x86 boot weirdness. Nothing is ever simple on x86.
alex.zenla.io
Finally about to go home after a 5 hour delay :)
Reposted by Alex Zenla 🏳️‍⚧️
ariadne.space
the realities are: you can’t userns and eBPF your way out of shared kernel state, and threat actors will pay top dollar for kernel exploits
Reposted by Alex Zenla 🏳️‍⚧️
ariadne.space
maybe creating a keygen is part of the challenge 😂
Reposted by Alex Zenla 🏳️‍⚧️
lookitup.baby
Your hacking contest requires a license key? Really? What are we doing here
alex.zenla.io
She is a true inspiration for me! I grew up going to Dollywood in Pigeon Forge, and somehow in an odd way the way that place just felt welcoming to me despite being very clearly some form of queer at that age in the deep south :)
alex.zenla.io
The problem with a challenge during a fixed time period with questionably set parameters designed to prevent anyone with any actual expertise from competing is also that you aren't mitigating against that set of threat actors! You are mitigating for the possibilities you cannot consider!
alex.zenla.io
What some people don't seem to understand is that the security boundary matters. And secure systems REQUIRE thinking in terms of unknown risks, not just the known ones.

This is why system design is critical.
alex.zenla.io
even worse, personally gatekeep the access to only people you approve of by requiring licensing to do so
Reposted by Alex Zenla 🏳️‍⚧️
ariadne.space
> announce a hacking contest for your product

> carefully craft the rules to exclude subject matter experts in your field

🐓🐓🐓
Reposted by Alex Zenla 🏳️‍⚧️
edera.dev
Are you in the Denver area? The Edera team is there this week and we're holding a little hardened RUN-time. 😉
Join us for a casual 5k, with run or walk groups depending on your preferred speed.
RSVP: luma.com/joajiim7
Ivy, the pink cartoon axolotl, dressed in her running costume
alex.zenla.io
Thank you to @lhn.bsky.social for writing this and to @dnlfdz.bsky.social for also contributing!