> On 13 Aug 2025, at 8:03 PM, Daniel Kiper <dki...@net-space.pl> wrote: > > On Tue, Aug 12, 2025 at 05:16:22PM +0530, Sudhakar Kuppusamy wrote: >>> On 12 Aug 2025, at 5:00 PM, Daniel Kiper <dki...@net-space.pl> wrote: >>> On Tue, Aug 12, 2025 at 10:30:55AM +0530, Sudhakar Kuppusamy wrote: >>>> Thank you Daniel. >>>> >>>>> On 11 Aug 2025, at 9:24 PM, Daniel Kiper <dki...@net-space.pl> wrote: >>>>> On Tue, Jul 29, 2025 at 08:21:46PM +0530, Sudhakar Kuppusamy wrote: >>> >>> [...] >>> >>>>>> + if (is_cert_removed_from_db (cert) == false) >>>>>> + err = grub_error (GRUB_ERR_EOF, >>>>>> + "not found certificate with CN:%s in the db >>>>>> list", cert->subject); >>>>> >>>>> First of all, I am not convinced the cert should be removed automatically >>>>> from the db. I think it would be better if it is documented it should be >>>>> done manually. However, if you convince me it should be done automatically >>>>> here then lack of cert in the db should not trigger an error... >>>> >>>> It is not automatically removing the cert from the db but does it manually >>>> when user try to remove distrusted cert via append_rm_dbx_cert command. >>> >>> So, I mean it should not happen then... >> >> The removal of certificate here is not persist accross the boots, it is only >> for the current boot. > > Ahhh... OK... You can ignore my comment then. Though I think it means > comments and/or code should be more clear about it...
Sure. Will add clear comments. > >> Also, this command accepts only signed certificates when secure boot is set >> to enabled. >> >> I do not understand “automatic" and “manual” from your previous comments. >> Could you please elabarate it. > > When I say "automatic" I mean here the command at once inserts a given > cert into dbx and removes it from the db. Thank you Daniel. > > Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
