--- Comment on attachment From daniel.axte...@ibm.com 2020-04-03 03:05
EDT---
Hi Seth,
Thanks, that was extremely helpful.
Nayna noticed that I was overly keen to lock things down - I should only
lock down in Secure mode: if a system is in Trusted mode only I
shouldn't lock it down.
--- Comment on attachment From daniel.axte...@ibm.com 2020-04-02 08:35
EDT---
Hi,
Thanks Nayna for the reminder to look at this again.
AFAICT, Canonical's Focal kernel sets up its non-upstreamed
secure-boot-enforces-lockdown support in the following set of commits:
(edited down from