David Howells <dhowe...@redhat.com> writes: > Andy Lutomirski <l...@kernel.org> wrote: > >> As far as I can tell, what's really going on here is that there's a >> significant contingent here that wants to prevent Linux from >> chainloading something that isn't Linux. > > You have completely the wrong end of the stick. No one has said that or even > implied that. You are alleging dishonesty on our part. > > What we *have* said is that *if* we want to pass the secure boot state across > kexec, then we have to make sure that: > > (1) no one tampers with the intermediate kernel between boot and kexec > otherwise the secure boot state is effectively invalidated, and > > (2) the image that gets kexec'ed is trusted. > > Remember: you cannot know (2) if you don't have (1). > > And if someone tampers with the aim of breaking, say, Windows, then someone, > e.g. Microsoft, might blacklist the shim.
*Wow* You just denied this isn't about not booting Windows and a few lines later said that is your concern. I was thinking I would have to dig up old archives where I had been told this before, but you just nicely repeated all of the old arguments so I don't see the point. Eric
