Re: Boot environment tfor check

help-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Boot environment tfor check_signatures=enforce

From:	Andrei Borzenkov
Subject:	Re: Boot environment tfor check_signatures=enforce
Date:	Thu, 12 Nov 2020 23:09:40 +0300
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

06.11.2020 22:47, Hanson Char пишет:
> Hi,
> 
> Is check_signatures=enforce 
> <https://www.gnu.org/software/grub/manual/grub/grub.html#check_005fsignatures>
>  currently only supported on EFI platforms?

Initial implementation used detached PGP signature, and has absolutely
nothing to do with EFI. Later verification framework was generalized and
signature verification using shim protocol on EFI was implemented.

So signature check based on shim protocol is supported only on EFI
simply because it is EFI specific. Signature check in general is
supported on any platform but the only generic method is detached PGP
signature.

> 
> I see this question has been asked before 
> <https://lists.gnu.org/archive/html/help-grub/2019-12/msg00006.html> but 
> there was no response.
> 
> Regards,
> Hanson
>

[Prev in Thread]

Current Thread

[Next in Thread]

Boot environment tfor check_signatures=enforce, Hanson Char, 2020/11/06
- Re: Boot environment tfor check_signatures=enforce, Andrei Borzenkov <=

Prev by Date: "insmod normal" returning "unknown filesystem" in rescue shell
Next by Date: Re: "insmod normal" returning "unknown filesystem" in rescue shell
Previous by thread: Boot environment tfor check_signatures=enforce
Next by thread: "insmod normal" returning "unknown filesystem" in rescue shell
Index(es):
- Date
- Thread