On Fri, Sep 12, 2025 at 08:46:18AM +0100, Peter Robinson via arm wrote: > On Thu, 11 Sept 2025 at 21:24, Dominik 'Rathann' Mierzejewski via arm > <[email protected]> wrote: > > > > I never said SecureBoot writes anywhere. I asked if the kernel prevents > > the OS from writing to SPI if SecureBoot is active. > > Why would it? That's not what secure boot does, it purely verifies the > next stage of the boot process.
Yes, but for that being still the case on the next boot you want make sure nobody goes replace your firmware with another version which skips the secure boot verification. Likewise the EFI variable storage must be protected to make sure nobody tampers with the certificate databases. take care, Gerd -- _______________________________________________ arm mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
