Re: How to boot Windows when Bitlocker enabled with key sealed in TPM
From: Lennart Sorensen
Subject: Re: How to boot Windows when Bitlocker enabled with key sealed in TPM
Date: Thu, 10 Feb 2022 09:48:57 -0500
On Mon, Feb 07, 2022 at 04:48:43PM -0700, Chris Murphy wrote:
> One idea I've heard floated is, having GRUB alter efivars such that
> BootNext is changed to do a one time boot of Windows, instead of using
> chainloader. If BIOS, use chainloader as now. If UEFI, set BootNext
> efi variable? This has the benefit of working even on UEFI systems
> which aren't BitLocker encrypted.
>
> Can GRUB modify efivars now? If not, what work would be needed to
> enable GRUB to modify efivars? Alternatives?
I am pretty sure I have read of cases where systems used such low quality
flash for their UEFI variables that they broke after being written too
many times. I think Ubuntu had a bug that caused it to rewrite some
UEFI variable every boot that initially spotted the problem or something
like that. Cheap flash is often 10000 writes or even less in some cases.
But rewriting the variable each time you boot sounds like a "Don't do
that" thing.
--
Len Sorensen