06.11.2020 22:47, Hanson Char пишет: > Hi, > > Is check_signatures=enforce > <https://www.gnu.org/software/grub/manual/grub/grub.html#check_005fsignatures> > currently only supported on EFI platforms?
Initial implementation used detached PGP signature, and has absolutely nothing to do with EFI. Later verification framework was generalized and signature verification using shim protocol on EFI was implemented. So signature check based on shim protocol is supported only on EFI simply because it is EFI specific. Signature check in general is supported on any platform but the only generic method is detached PGP signature. > > I see this question has been asked before > <https://lists.gnu.org/archive/html/help-grub/2019-12/msg00006.html> but > there was no response. > > Regards, > Hanson >
