Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel
On Wed, May 6, 2020 at 6:33 AM Daniel Kiper wrote: > > On Tue, May 05, 2020 at 10:29:05AM -0700, Matthew Garrett wrote: > > On Mon, May 4, 2020 at 4:25 PM Daniel Kiper wrote: > > > > > > Otherwise the kernel does not know its state and cannot enable various > > > security features depending on UEFI Secure Boot. > > > > I think this needs more context. If the kernel is loaded via the EFI > > boot stub, the kernel is aware of the UEFI secure boot state. Why > > duplicate this functionality in order to avoid the EFI stub? > > It seems to me that this issue was discussed here [1] and here [2]. > So, if you want me to improve the commit message I am OK with that. Yes, I think just providing an explanation for why it's currently necessary for you to duplicate this is reasonable. ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel
On Tue, May 05, 2020 at 10:29:05AM -0700, Matthew Garrett wrote: > On Mon, May 4, 2020 at 4:25 PM Daniel Kiper wrote: > > > > Otherwise the kernel does not know its state and cannot enable various > > security features depending on UEFI Secure Boot. > > I think this needs more context. If the kernel is loaded via the EFI > boot stub, the kernel is aware of the UEFI secure boot state. Why > duplicate this functionality in order to avoid the EFI stub? It seems to me that this issue was discussed here [1] and here [2]. So, if you want me to improve the commit message I am OK with that. Additionally, FYI I am not happy with that patch too. So, if somebody has better idea how to do that then I am happy to discuss it here. Daniel [1] https://lkml.org/lkml/2020/3/25/982 [2] https://lkml.org/lkml/2020/3/26/985 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
