On Mon, 20 Feb 2023 15:06:46 -0500 Robbie Harwood <rharw...@redhat.com> wrote:
> Glenn Washburn <developm...@efficientek.com> writes: > > > If the configure option --enable-efi-debug is given, then enable the > > printing early in EFI startup of the command needed to load symbols > > for the GRUB EFI kernel. This is needed because EFI firmware > > determines where to load the GRUB EFI at runtime, and so the > > relevant addresses are not known ahead of time. > > Does this actually need to be configurable as opposed to always > enabled where applicable? I would want to turn it on in distro > builds, much like the similar patch we carry is. Daniel suggested to make it configurable, originally it wasn't. I could see someone annoyed with the flash of text and rather have it disabled. Personally, I don't care much. I don't think it makes sense to have the gdbinfo module configurable, it should always be enabled (which it isn't currently). Also, Daniel was concerned about this breaking silent boot. How does this affect things for you? > > This is not printed when secure boot is enabled. > > This will mean that any debugging first requires disabling secureboot. > That's potentially annoying and I'm not sure I see a security benefit > to doing so. This was also requested by Daniel, and I have no preference. I confess to not seeing a security benefit also. It also seems reasonable to think that it might. Perhaps Daniel has something specific in mind. Glenn _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel