Wanted to follow up on this--was away from my desk because of holidays in the US. I did open an issue on github: https://github.com/systemd/systemd/issues/25548
Thank you for your help here, Lennart. Thanks, --Daniel On Wed, Nov 23, 2022 at 12:32 PM Lennart Poettering <lenn...@poettering.net> wrote: > > On Mi, 23.11.22 17:56, Lennart Poettering (lenn...@poettering.net) wrote: > > > > If this is a bug, I'd be willing to attempt a pull request submission > > > if a suggested fix is given. Overall we like the functionality > > > sd-boot provides and the integration with systemd, but this is likely > > > a hard requirement for our use case. > > > > Yes please file an issue on github first, and this does sound a lot > > like something we should fix, hence a PR that addresses this would be > > more than welcome, too. > > BTW, I think we should treat an EFI binary like a system we can't boot > as per the boot assessment logic. i.e. whenever we fail to invoke a > binary (regardless if the reason is the security check or something > else), then we should count down it's counters, and then stop using it > once it hits zero. > > i.e. i think this should hook into the logic described in > https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT > > Lennart > > -- > Lennart Poettering, Berlin
