Re: [PATCH v2] efi: Set shim_lock_enabled even if validation is disabled

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] efi: Set shim_lock_enabled even if validation is disabled

From:	Daniel Kiper
Subject:	Re: [PATCH v2] efi: Set shim_lock_enabled even if validation is disabled
Date:	Wed, 29 Nov 2023 20:34:21 +0100
User-agent:	NeoMutt/20170113 (1.7.2)

On Tue, Nov 21, 2023 at 06:09:59PM +0100, Julian Andres Klode wrote:
> If validation has been disabled via MokSbState, secure boot on the
> firmware is still enabled, and the kernel fails to boot.
>
> This is a bit hacky, because shim_lock is not *fully* enabled, but
> it triggers the right code paths.
>
> Ultimately, all this will be resolved by shim gaining it's own image
> loading and starting protocol, so this is more a temporary workaround.
>
> Fixes: 6425c12cd (efi: Fallback to legacy mode if shim is loaded on x86 archs)
>
> Cc: Peter Jones <pjones@redhat.com>
> Cc: Michael Chang <mchang@suse.com>
> Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2] efi: Set shim_lock_enabled even if validation is disabled, Julian Andres Klode, 2023/11/21
- Re: [PATCH v2] efi: Set shim_lock_enabled even if validation is disabled, Daniel Kiper <=

Prev by Date: Re: [PATCH v4] grub-install: Delay copying files to {grubdir, platdir} after install_device was validated.
Next by Date: Re: [PATCH v2 0/3] Bli: fix hidden module dependency
Previous by thread: [PATCH v2] efi: Set shim_lock_enabled even if validation is disabled
Next by thread: [PATCH v2] grub-install: Delay copying files to grubdir after install_device was validated.
Index(es):
- Date
- Thread