On Tue, Apr 5, 2022 at 9:56 AM Florian Weimer <fwei...@redhat.com> wrote: > > * Peter Robinson: > > > This is out of context here because you can disable Secure Boot but > > still use UEFI to make that work. You're trying to link to different > > problems together. > > I think there's firmware out there which enables Secure Boot > unconditionally in UEFI mode, but still has CSM support.
The UEFI spec makes CSM and Secure Boot mutually exclusive. CSM enabled renders Secure Boot impossible. So I'm not sure how the firmware can simultaneously enforce Secure Boot, but then permit the loading of non-compliant bootloaders. That'd seem to be a Secure Boot break worthy of a firmware update. In particular if it's also possible to invoke CSM boot via NVRAM variables. -- Chris Murphy _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
