On Thu, Jul 08, 2021 at 03:31:15PM +0200, Daniel Kiper wrote:
> On Thu, Jul 08, 2021 at 08:01:31PM +0800, Michael Chang via Grub-devel wrote:
> > Hi Dimitri,
> >
> > On Thu, Jul 08, 2021 at 11:51:25AM +0100, Dimitri John Ledkov wrote:
> > > Hi,
> > >
> > > The below mentioned commands are useful. Hence we need to debug this
> > > further and establish further details about your setup.
> >
> > I think the problem here is that arm64 already uses LoadImage to verify
> > the kernel image so the shim lock is not really required. IMHO the
> > lockdown verifier should be relaxed for the arm platform as always will
> > be a verifier (LoadImage) used to booting the kernel.
> 
> To some extent you are right. However, please do not forget about
> detached PGP signatures case.

Indeed. I should make it clear that this is specific to
GRUB_FILE_TYPE_LINUX_KERNEL asked to be relaxed in the lockdown list for
arm64.

Thanks,
Michael

> 
> Daniel
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to