On Thu, Aug 04, 2022 at 10:29:12AM +0100, Daniel P. Berrangé wrote:
> On Thu, Aug 04, 2022 at 03:32:32AM -0500, Andrea Bolognani wrote:
> > On Wed, Aug 03, 2022 at 05:29:15PM +0100, Daniel P. Berrangé wrote:
> > > On Wed, Aug 03, 2022 at 06:15:24PM +0200, Andrea Bolognani wrote:
> > > >
> > > >
On Thu, Aug 04, 2022 at 03:32:32AM -0500, Andrea Bolognani wrote:
> On Wed, Aug 03, 2022 at 05:29:15PM +0100, Daniel P. Berrangé wrote:
> > On Wed, Aug 03, 2022 at 06:15:24PM +0200, Andrea Bolognani wrote:
> > >
> > >
> > > +
> > >
> > >
> > >
> >
> > If we want se
On Wed, Aug 03, 2022 at 05:29:15PM +0100, Daniel P. Berrangé wrote:
> On Wed, Aug 03, 2022 at 06:15:24PM +0200, Andrea Bolognani wrote:
> >
> >
> > +
> >
> >
> >
>
> If we want secureboot disabled, this looks wrong. It just enables
> secureboot, but without any key
On Wed, Aug 03, 2022 at 06:15:24PM +0200, Andrea Bolognani wrote:
> It should be enough to enable or disable the enrolled-keys feature
> to control whether Secure Boot is enforced, but there's a slight
> complication: many distro packages for edk2 include, in addition
> to general purpose firmware
It should be enough to enable or disable the enrolled-keys feature
to control whether Secure Boot is enforced, but there's a slight
complication: many distro packages for edk2 include, in addition
to general purpose firmware images, builds that are targeting the
Confidential Computing use case.
Fo