Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-09 Thread Michael Chang via Grub-devel
On Tue, Mar 09, 2021 at 07:45:55PM +0100, Thomas Frauendorfer wrote: > On Mon, Mar 8, 2021 at 5:59 AM Michael Chang via Grub-devel > wrote: > > > > On Fri, Mar 05, 2021 at 01:49:00PM +, Dimitri John Ledkov wrote: > > > On Fri, Mar 5, 2021 at 1:34 PM Michael Chang wrote: > > > > > > > > On Fri

Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-09 Thread Thomas Frauendorfer
On Mon, Mar 8, 2021 at 5:59 AM Michael Chang via Grub-devel wrote: > > On Fri, Mar 05, 2021 at 01:49:00PM +, Dimitri John Ledkov wrote: > > On Fri, Mar 5, 2021 at 1:34 PM Michael Chang wrote: > > > > > > On Fri, Mar 05, 2021 at 12:21:49PM +, Dimitri John Ledkov wrote: > > > > This is not

Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-07 Thread Michael Chang via Grub-devel
On Fri, Mar 05, 2021 at 01:49:00PM +, Dimitri John Ledkov wrote: > On Fri, Mar 5, 2021 at 1:34 PM Michael Chang wrote: > > > > On Fri, Mar 05, 2021 at 12:21:49PM +, Dimitri John Ledkov wrote: > > > This is not an oversight but intentional. > > > > > > Currently there is no chainloader supp

Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-05 Thread Dimitri John Ledkov
On Fri, Mar 5, 2021 at 1:34 PM Michael Chang wrote: > > On Fri, Mar 05, 2021 at 12:21:49PM +, Dimitri John Ledkov wrote: > > This is not an oversight but intentional. > > > > Currently there is no chainloader support with SBAT as further > > development is required to ensure policy is applied

Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-05 Thread Dimitri John Ledkov
This is not an oversight but intentional. Currently there is no chainloader support with SBAT as further development is required to ensure policy is applied correctly. Once SBAT support for chainloading is defined, it will be introduced. And yes it is intended to continue to allow "boot windows"

Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-05 Thread Michael Chang via Grub-devel
On Fri, Mar 05, 2021 at 12:21:49PM +, Dimitri John Ledkov wrote: > This is not an oversight but intentional. > > Currently there is no chainloader support with SBAT as further > development is required to ensure policy is applied correctly. Once > SBAT support for chainloading is defined, it w

Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-05 Thread Michael Chang via Grub-devel
On Fri, Mar 05, 2021 at 01:32:57PM +0100, Thomas Frauendorfer wrote: > On Fri, Mar 5, 2021 at 1:12 PM Michael Chang via Grub-devel > wrote: > > > > While attempting to dual boot Microsoft Windows with efi chainloader, it > > failed with below error when secure boot was enabled. > > > > error ../..

Re: [PATCH] Add chainloaded image as shim's verifiable object

2021-03-05 Thread Thomas Frauendorfer
On Fri, Mar 5, 2021 at 1:12 PM Michael Chang via Grub-devel wrote: > > While attempting to dual boot Microsoft Windows with efi chainloader, it > failed with below error when secure boot was enabled. > > error ../../grub-core/kern/verifiers.c:119:verification requested but > nobody cares: /EFI/Mic