there are cases in which people want to be able to apply new configuration after installation, especially in data centers. This fix is preventing people from being able to apply new configuration (e.g. create new users) by simply plugging a usb stick. On non-uki this is not preventing them from booting another OS from a usb stick (if that's enabled in the bios) and putting a config in /oem.
Let's just prevent loading datasources after installation, only in the case of uki for now.
In the future, when we have /oem encrypted in non-uki too, we can implement a config flag to prevent parsing the datasources so users choose what they want to happen.
https://github.com/kairos-io/packages/pull/1137/files
there are cases in which people want to be able to apply new configuration after installation, especially in data centers. This fix is preventing people from being able to apply new configuration (e.g. create new users) by simply plugging a usb stick. On non-uki this is not preventing them from booting another OS from a usb stick (if that's enabled in the bios) and putting a config in
/oem.Let's just prevent loading datasources after installation, only in the case of uki for now. In the future, when we have
/oemencrypted in non-uki too, we can implement a config flag to prevent parsing the datasources so users choose what they want to happen.