[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to t
From: |
Daniel Kiper |
Subject: |
Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel |
Date: |
Thu, 7 May 2020 12:46:25 +0200 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Wed, May 06, 2020 at 11:36:49AM -0700, Matthew Garrett wrote:
> On Wed, May 6, 2020 at 6:33 AM Daniel Kiper <address@hidden> wrote:
> >
> > On Tue, May 05, 2020 at 10:29:05AM -0700, Matthew Garrett wrote:
> > > On Mon, May 4, 2020 at 4:25 PM Daniel Kiper <address@hidden> wrote:
> > > >
> > > > Otherwise the kernel does not know its state and cannot enable various
> > > > security features depending on UEFI Secure Boot.
> > >
> > > I think this needs more context. If the kernel is loaded via the EFI
> > > boot stub, the kernel is aware of the UEFI secure boot state. Why
> > > duplicate this functionality in order to avoid the EFI stub?
> >
> > It seems to me that this issue was discussed here [1] and here [2].
> > So, if you want me to improve the commit message I am OK with that.
>
> Yes, I think just providing an explanation for why it's currently
> necessary for you to duplicate this is reasonable.
Sure, will do!
Daniel
- [GRUB PATCH RFC 17/18] i386/txt: Add Intel TXT verification routines, (continued)
- [GRUB PATCH RFC 17/18] i386/txt: Add Intel TXT verification routines, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 16/18] i386/txt: Add Intel TXT ACM module support, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 18/18] i386/slaunch: Add secure launch framework and commands, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 02/18] i386/msr: Rename grub_msr_read() and grub_msr_write(), Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 07/18] i386/tpm: Rename tpm module to tpm_verifier, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 08/18] i386/tpm: Add TPM TIS and CRB driver, Daniel Kiper, 2020/05/04
- [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel, Daniel Kiper, 2020/05/04
[GRUB PATCH RFC 15/18] i386/txt: Add Intel TXT core implementation, Daniel Kiper, 2020/05/04
Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher, Lukasz Hawrylko, 2020/05/05