Em qui., 10 de jul. de 2025, 12:42, Gerd Hoffmann <kra...@redhat.com>
escreveu:

> On Wed, Jul 09, 2025 at 05:42:23PM +0200, Florian Weimer wrote:
> > * Gerd Hoffmann:
> >
> > >> At least for me it seems to be a extremely generic update that
> doesn't rely
> > >> on hardware specific characteristics as is with a full BIOS update.
> > >
> > > Correct.  It's literally just the new ms kek key with a pkcs7 signature
> > > from the hardware vendor's PK key.  No code update.
> >
> > Still it needs to go through QA because it has a significant risk of
> > corrupting the boot path.
>
> Sure.  It's a first in the secure boot world and has the potential to
> break a bunch of stuff.  Specifically I think with the boot signature
> chain changing some TPM PCR measurements will change too, so TPM being
> is used for LUKS disk encryption most likely is affected and will need
> some extra attention.
>

Would it be the same root cause from when every so often Microsoft releases
a update related to Secure Boot and Windows users get thrown into the
BitLocker recovery asking for a key that many of them have no idea how to
get? (And they also can't use the Microsoft account backup because they
have no access)


> But it shouldn't be the "broken bios update might brick the machine"
> level of risk.
>
> take care,
>   Gerd
>
> --
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to