Hey Bastian!

On Wed, Dec 06, 2023 at 06:01:17PM +0100, Bastian Blank wrote:
>
>I would like to stop signing i386 kernels.
>
>- IA32 UEFI is basically non-existent outside of the Apple world and
>  maybe some embedded stuff.
>- i386 lacks many of the microarchitectural fixes that crept in during
>  the last years.  So those kernels are unsuitable for real world usage
>  of processors released in the last ten years.
>
>Install base of an IA32 EFI capable boot chain, as possible to see by
>popcon (via grub-efi-ia32-signed): 178
>
>Install base of an X64 EFI capable boot chain (via
>grub-efi-amd64-signed): 71743

ACK. We're heading towards deprecating i386 as a full architecture
anyway and just keeping it as a secondary arch for backwards
compatibility for old programs, Wine, games etc. So I think this makes
sense.

We should publicise this for users and be consistent for all the EFI
signed binaries - there's no point in signing i386 grub and fwupd or
having a signed shim if we don't have a signed kernel. Agreed?

--
Steve McIntyre, Cambridge, UK.                        st...@einval.com
<Aardvark> I dislike C++ to start with. C++11 just seems to be handing
rope-creating factories for users to hang multiple instances of themselves.