On Thu, Feb 10, 2022 at 02:13:43PM -0700, Chris Murphy wrote:
> If you boot Windows once a day, it's changing what, 1-4 bytes, per
> day? The entry for Windows is already in NVRAM, it doesn't need to be
> written each time. You're only changing the BootNext value that points
> to the Windows entry (and then the firmware removes it).

Well, the fact you are only rewriting nextboot with a few bytes is
probably still a potential problem, since from what I have seen, these
simple SPI flash chips that seem to often be used tend not to have wear
leveling. They don't expect a lot of writes. Ideally the UEFI NVRAM
should be battery-backed RAM, but that doesn't seem to be how a lot of
systems actually implement it. If they expect you to install Windows
and run it, they don't need to support rewriting a lot.

> This is not Secure Boot. It's measured boot. They're using the TPM to
> measure the bootchain and make sure it hasn't been tampered with
> before revealing the encryption key. If the user has written down the
> recovery key, they can still boot from the BitLocker recovery window,
> but that's an untenable default user experience following the
> installation of a Linux distro. It's a 48 digit key.

Oh right, for BitLocker. Even more picky than Secure Boot.

-- 
Len Sorensen