On Tue, Aug 12, 2025 at 05:16:22PM +0530, Sudhakar Kuppusamy wrote:
> > On 12 Aug 2025, at 5:00 PM, Daniel Kiper <dki...@net-space.pl> wrote:
> > On Tue, Aug 12, 2025 at 10:30:55AM +0530, Sudhakar Kuppusamy wrote:
> >> Thank you Daniel.
> >>
> >>> On 11 Aug 2025, at 9:24 PM, Daniel Kiper <dki...@net-space.pl> wrote:
> >>> On Tue, Jul 29, 2025 at 08:21:46PM +0530, Sudhakar Kuppusamy wrote:
> >
> > [...]
> >
> >>>> + if (is_cert_removed_from_db (cert) == false)
> >>>> + err = grub_error (GRUB_ERR_EOF,
> >>>> + "not found certificate with CN:%s in the db
> >>>> list", cert->subject);
> >>>
> >>> First of all, I am not convinced the cert should be removed automatically
> >>> from the db. I think it would be better if it is documented it should be
> >>> done manually. However, if you convince me it should be done automatically
> >>> here then lack of cert in the db should not trigger an error...
> >>
> >> It is not automatically removing the cert from the db but does it manually
> >> when user try to remove distrusted cert via append_rm_dbx_cert command.
> >
> > So, I mean it should not happen then...
>
> The removal of certificate here does not persist across the boots, it is only
> for the current boot.

Ahhh... OK... You can ignore my comment then. Though I think it means
comments and/or code should be more clear about it...

> Also, this command accepts only signed certificates when secure boot is set
> to enabled.
>
> I do not understand "automatic" and "manual" from your previous comments.
> Could you please elaborate it.

When I say "automatic" I mean here the command at once inserts a given
cert into dbx and removes it from the db.

Daniel
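
Review bot: In the quoted hunk, the grub_error call under `is_cert_removed_from_db (cert) == false` reports a certificate that is absent from the db as GRUB_ERR_EOF, which does not describe the condition, and the message "not found certificate with CN:%s in the db list" reads awkwardly. Consider an error code that matches a missing entry and wording such as "certificate with CN:%s not found in the db list". Since the thread establishes that the removal from the db lasts only for the current boot, a comment at this call saying so would prevent the misreading discussed above. Testing `!is_cert_removed_from_db (cert)` rather than comparing with false would also be the more usual form.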