On Tue, Sep 02, 2025 at 05:00:52PM +0200, Jan Beulich wrote:
> On 02.09.2025 16:44, Gerald Elder-Vass wrote:
> > + else
> > + {
> > + status = efi_bs->LocateProtocol(&shim_lock_guid, NULL, (void
> > **)&shim_lock);
> > + if ( EFI_ERROR(status) )
> > + PrintErrMesg(L"Failed to locate SHIM_LOCK protocol",
> > status);
>
> This is a behavioral change not justified in the description. Imo, if
> the original code was wrong, that would want to be a separate change
> anyway, so right here you want to retain original behavior. Simply
> consider the case of a shim-free boot, where neither of the two
> protocols would be available.Yes, as commented by Yann on v1, this change as is seems to break shim-free boot (well, technically UKI is shim-free and remain working, but you know what I mean). That needs to remain working, even if only in SecureBoot-free case. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab
signature.asc
Description: PGP signature
