> > On my machine I see Dell firmware storing diagnostic logs on the ESP,
> > disclosing sensitive information around hardware state, that normally a
> > non-root user would not be able to find out.
>
> This, however, is persuasive. Of course the ESP can only have one set of
> permissions for all files present, so the security settings need to be as
> strict as required for the most sensitive files that may be present.
>
Putting Dell aside, in Ubuntu Core we put the vmlinuz used for the recovery on the ESP. And to keep the kernel image readable only by root, ubuntu-seed / ESP needs to have strict requirements.
Also I see other distributions putting things on the ESP too, e.g. grub.cfg and vmlinuz.
If we want an unreadable kernel, we thus should have unreadable ESPs.
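Since a vfat ESP carries no per-file permissions, every file ends up with the mode derived from the mount-time mask (0777 & ~mask, with fmask/dmask overriding umask for files/directories), so the mount options decide whether a kernel or a firmware log on the ESP is world-readable. The check below is an added example, not code from this thread or from Ubuntu Core; the two /proc/mounts lines are constructed.

```shell
# Constructed /proc/mounts-style lines: a default vfat ESP mount and one
# mounted with a strict file/directory mask (fmask/dmask=0077).
ESP_DEFAULT='/dev/sda1 /boot/efi vfat rw,relatime,umask=0022 0 0'
ESP_STRICT='/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077 0 0'

# Print the effective octal mode of every file on a vfat mount line.
# vfat applies one mode to all files: 0777 & ~mask. fmask takes precedence
# over umask for files; with neither option the kernel uses the mounting
# process's umask, assumed here to be 022.
esp_file_mode() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    mask=022
    fmask=''
    old_ifs=$IFS; IFS=,
    for opt in $opts; do
        case $opt in
            umask=*) if [ -z "$fmask" ]; then mask=${opt#umask=}; fi ;;
            fmask=*) fmask=${opt#fmask=}; mask=$fmask ;;
        esac
    done
    IFS=$old_ifs
    # A leading 0 makes printf parse the mask as octal; 511 is 0777.
    mask_dec=$(printf '%d' "0$mask")
    printf '%04o\n' $(( 511 & ~mask_dec ))
}

# Succeed (exit 0) when the "other" read bit is set, i.e. any local user
# can read whatever the firmware or distribution stored on the ESP.
esp_world_readable() {
    mode_dec=$(printf '%d' "0$(esp_file_mode "$1")")
    [ $(( mode_dec & 4 )) -ne 0 ]
}

# Audit every vfat filesystem mounted on the running system.
esp_audit() {
    grep ' vfat ' /proc/mounts | while read -r line; do
        mnt=$(printf '%s\n' "$line" | awk '{print $2}')
        if esp_world_readable "$line"; then
            printf '%s: files are mode %s, readable by all users\n' "$mnt" "$(esp_file_mode "$line")"
        else
            printf '%s: files are mode %s, restricted\n' "$mnt" "$(esp_file_mode "$line")"
        fi
    done
}
```

Run `esp_audit` on a live system to see which mounted ESPs would expose their contents to unprivileged users.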