I tried to submit a patch some time ago, where you can get SecureBoot and SetupMode variables from GRUB shell and config file: http://lists.gnu.org/archive/html/grub-devel/2016-01/msg00078.html
It was abandoned for some reason. Also, I think recent patches proposed by Matthew Garrett also allow to do this On Fri, Feb 17, 2017 at 8:17 AM, Dennis Wassenberg < dennis.wassenb...@secunet.com> wrote: > Hi, Daniel, > > On 16.02.2017 23:03, Daniel Kiper wrote: > > On Thu, Feb 16, 2017 at 09:21:19AM +0100, Dennis Wassenberg wrote: > >> Hi all, > >> > >> I have a question regarding grub2 in relation with UEFI secure boot. I > >> do use a grub2 efi binary which is signed with sbsigntools. If the grub2 > >> starts I think there is in general no information about that the grub2 > >> is booted in secure boot environment. > > > > Why do you need that? > Just to show that it is booted in secure mode. In general there are only > a few devices which shows at the beginning that secureboot is active. So > maybe it makes sense to show it at the booted efi application. If a user > is interested in knowing if it is active or not he has to enter the > Setup. In case of Lenovo there it is not shown directly if secureboot is > active or not. At the secureboot tab there is shown that secureboot is > enabled or not and if secureboot is in custom mode or setup mode. I > believe that not every user known what this means. Thats why I think a > hint if secureboot is currently active or not would make sense. > > > >> Is there a possibility to show that in grub2? I found no way to do that. > > > > If there is an use case why not. > Would this be a use case? > > > >> Are you interested in having the possibility to show the uefi secure > >> boot status (e.g. EFI variable secureboot)? > > > > I am going to work on shim protocol verification for Multiboot2 > > compatible images. I hope that it will be taken into GRUB2 2.03. > Ah ok. > > > > Daniel > > Thank you for your response. > > Best regards, > Dennis > > > > _______________________________________________ > > Grub-devel mailing list > > Grub-devel@gnu.org > > https://lists.gnu.org/mailman/listinfo/grub-devel > > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel >
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
