Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel

From: Matthew Garrett
Date: Wed May 06 2020 - 14:37:05 EST

Next message: Peter Zijlstra: "Re: [patch V4 part 1 03/36] sched: Clean up scheduler_ipi()"
Previous message: Masahiro Yamada: "Re: [PATCH] scripts: fix deprecated always and hostprogs-y"
In reply to: Daniel Kiper: "Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel"
Next in thread: Daniel Kiper: "Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 6, 2020 at 6:33 AM Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote:
>
> On Tue, May 05, 2020 at 10:29:05AM -0700, Matthew Garrett wrote:
> > On Mon, May 4, 2020 at 4:25 PM Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote:
> > >
> > > Otherwise the kernel does not know its state and cannot enable various
> > > security features depending on UEFI Secure Boot.
> >
> > I think this needs more context. If the kernel is loaded via the EFI
> > boot stub, the kernel is aware of the UEFI secure boot state. Why
> > duplicate this functionality in order to avoid the EFI stub?
>
> It seems to me that this issue was discussed here [1] and here [2].
> So, if you want me to improve the commit message I am OK with that.

Yes, I think just providing an explanation for why it's currently
necessary for you to duplicate this is reasonable.

Next message: Peter Zijlstra: "Re: [patch V4 part 1 03/36] sched: Clean up scheduler_ipi()"
Previous message: Masahiro Yamada: "Re: [PATCH] scripts: fix deprecated always and hostprogs-y"
In reply to: Daniel Kiper: "Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel"
Next in thread: Daniel Kiper: "Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]