> You don’t allow access to the bootloader from any kernel, thereby afford a relative security in starting 2nd stage
You install and update the bootloader and its configuration from your running linux system.
In this new world, you would also update the kernel from your running linux system. That's the same, right? To update the kernel, you need to update bootloader configuration anyway, so it's obviously required that the running system can at least update the kernel, and that's true either way.
> Bricking (or worse, malicious kernel) seems more a possibility with upcoming Redhat design.
If your kernel is malicious, it's game over whether or not you're using grub, right? Like, that doesn't seem like a new threat model.
I don't really care about bricking because, frankly, I've made my system unbootable via grub bugs more often than I have through kernel bugs, and the kernel developers seem to take these bugs more seriously, so I feel like bricking is a possibility with either design, but less likely without grub.
Either way, I need to have a liveusb off to the side to fix these issues.
> You don’t allow access to the bootloader from any kernel, thereby afford a relative security in starting 2nd stage
You install and update the bootloader and its configuration from your running linux system.
In this new world, you would also update the kernel from your running linux system. That's the same, right? To update the kernel, you need to update bootloader configuration anyway, so it's obviously required that the running system can at least update the kernel, and that's true either way.
> Bricking (or worse, malicious kernel) seems more a possibility with upcoming Redhat design.
If your kernel is malicious, it's game over whether or not you're using grub, right? Like, that doesn't seem like a new threat model.
I don't really care about bricking because, frankly, I've made my system unbootable via grub bugs more often than I have through kernel bugs, and the kernel developers seem to take these bugs more seriously, so I feel like bricking is a possibility with either design, but less likely without grub.
Either way, I need to have a liveusb off to the side to fix these issues.