On Tue, Oct 31, 2023 at 07:19:13PM +0100, Daniel Kiper wrote: > On Wed, Jul 19, 2023 at 03:16:00PM +0200, Julian Andres Klode wrote: > > If validation has been disabled via MokSbState, secure boot on the > > firmware is still enabled, and the kernel fails to boot. > > > > This is a bit hacky, because shim_lock is not *fully* enabled, but > > it triggers the right code paths. > > > > Ultimately, all this will be resolved by shim gaining it's own image > > loading and starting protocol, so this is more a temporary workaround. > > > > Fixes: 6425c12cd (efi: Fallback to legacy mode if shim is loaded on x86 > > archs) > > > > Signed-off-by: Julian Andres Klode <julian.kl...@canonical.com> > > --- > > grub-core/kern/efi/sb.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c > > index 60550a6da..ea15d4514 100644 > > --- a/grub-core/kern/efi/sb.c > > +++ b/grub-core/kern/efi/sb.c > > @@ -95,6 +95,7 @@ grub_efi_get_secureboot (void) > > if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1) > > { > > secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED; > > + shim_lock_enabled = true; > > I am not happy with this change but I understand we need it. So, I will > accept the change but it has to be marked as "TODO" thing in the comment. > Additionally, the comment has to explain why we need it. Please do not > forget CC distro maintainers and other folks who may be interested in > this change. If you do that you can add my RB.
I just found this email today while actively searching my notmuch for replies to my threads, it somehow got filtered out of the inbox. I do not know who to CC tbh. I do not have a giant list of grub maintainers from all distributions; and I would expect they'd be required to be subscribed here anyhow... -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel