Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to t

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to t

From:	Daniel Kiper
Subject:	Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel
Date:	Wed, 6 May 2020 15:33:06 +0200
User-agent:	NeoMutt/20170113 (1.7.2)

On Tue, May 05, 2020 at 10:29:05AM -0700, Matthew Garrett wrote:
> On Mon, May 4, 2020 at 4:25 PM Daniel Kiper <address@hidden> wrote:
> >
> > Otherwise the kernel does not know its state and cannot enable various
> > security features depending on UEFI Secure Boot.
>
> I think this needs more context. If the kernel is loaded via the EFI
> boot stub, the kernel is aware of the UEFI secure boot state. Why
> duplicate this functionality in order to avoid the EFI stub?

It seems to me that this issue was discussed here [1] and here [2].
So, if you want me to improve the commit message I am OK with that.

Additionally, FYI I am not happy with that patch too. So, if somebody
has better idea how to do that then I am happy to discuss it here.

Daniel

[1] https://lkml.org/lkml/2020/3/25/982
[2] https://lkml.org/lkml/2020/3/26/985

[Prev in Thread]

Current Thread

[Next in Thread]

[GRUB PATCH RFC 13/18] i386/slaunch: Add basic platform support for secure launch, (continued)
- [GRUB PATCH RFC 13/18] i386/slaunch: Add basic platform support for secure launch, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 14/18] i386/txt: Add Intel TXT definitions header file, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 17/18] i386/txt: Add Intel TXT verification routines, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 16/18] i386/txt: Add Intel TXT ACM module support, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 18/18] i386/slaunch: Add secure launch framework and commands, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 02/18] i386/msr: Rename grub_msr_read() and grub_msr_write(), Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 07/18] i386/tpm: Rename tpm module to tpm_verifier, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 08/18] i386/tpm: Add TPM TIS and CRB driver, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel, Daniel Kiper, 2020/05/04
  - Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel, Matthew Garrett, 2020/05/05
    - Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel, Daniel Kiper <=
    - Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel, Matthew Garrett, 2020/05/06
    - Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel, Daniel Kiper, 2020/05/07
- [GRUB PATCH RFC 15/18] i386/txt: Add Intel TXT core implementation, Daniel Kiper, 2020/05/04
  - Re: [GRUB PATCH RFC 15/18] i386/txt: Add Intel TXT core implementation, Krystian Hebel, 2020/05/22
- Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher, Lukasz Hawrylko, 2020/05/05
  - Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher, Daniel Kiper, 2020/05/07
    - Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher, Lukasz Hawrylko, 2020/05/13

Prev by Date: Re: [PATCH 1/3 v3] docs: Add grub command documentation checks
Next by Date: Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel
Previous by thread: Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel
Next by thread: Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel
Index(es):
- Date
- Thread