> On 12 Aug 2025, at 5:00 PM, Daniel Kiper <dki...@net-space.pl> wrote:
>
> On Tue, Aug 12, 2025 at 10:30:55AM +0530, Sudhakar Kuppusamy wrote:
>> Thank you Daniel.
>>
>>> On 11 Aug 2025, at 9:24 PM, Daniel Kiper <dki...@net-space.pl> wrote:
>>> On Tue, Jul 29, 2025 at 08:21:46PM +0530, Sudhakar Kuppusamy wrote:
>
> [...]
>
>>>> + if (is_cert_removed_from_db (cert) == false)
>>>> + err = grub_error (GRUB_ERR_EOF,
>>>> + "not found certificate with CN:%s in the db list",
>>>> cert->subject);
>>>
>>> First of all, I am not convinced the cert should be removed automatically
>>> from the db. I think it would be better if it is documented it should be
>>> done manually. However, if you convince me it should be done automatically
>>> here then lack of cert in the db should not trigger an error...
>>
>> It is not automatically removing the cert from the db but does it manually
>> when user try to remove distrusted cert via append_rm_dbx_cert command.
>
> So, I mean it should not happen then...
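
Review bot: In the quoted `grub_error` call, `GRUB_ERR_EOF` does not match the condition the message reports, which is a certificate missing from the db list rather than an end-of-file; an error code that expresses "not found" would let callers tell this case apart from a read failure. The message text would also read better as "certificate with CN:%s not found in the db list", and the test can be written `!is_cert_removed_from_db (cert)` instead of comparing against `false`.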

The removal of the certificate here does not persist across boots; it is only for the current boot. Also, this command accepts only signed certificates when secure boot is set to enabled.

I do not understand "automatic" and "manual" from your previous comments. Could you please elaborate?

Thanks,
Sudhakar

>
> Daniel