On Thu, Jul 08, 2021 at 03:31:15PM +0200, Daniel Kiper wrote: > On Thu, Jul 08, 2021 at 08:01:31PM +0800, Michael Chang via Grub-devel wrote: > > Hi Dimitri, > > > > On Thu, Jul 08, 2021 at 11:51:25AM +0100, Dimitri John Ledkov wrote: > > > Hi, > > > > > > The below mentioned commands are useful. Hence we need to debug this > > > further and establish further details about your setup. > > > > I think the problem here is that arm64 already uses LoadImage to verify > > the kernel image so the shim lock is not really required. IMHO the > > lockdown verifier should be relaxed for the arm platform as always will > > be a verifier (LoadImage) used to booting the kernel. > > To some extent you are right. However, please do not forget about > detached PGP signatures case.
Indeed. I should make it clear that this is specific to GRUB_FILE_TYPE_LINUX_KERNEL asked to be relaxed in the lockdown list for arm64. Thanks, Michael > > Daniel > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel