On Sun, Aug 30, 2015 at 4:15 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote: > On 08/30/2015 05:27 AM, Tom H wrote: >> >> Crippling an upstream tool is beyond anything other distros patch. > > > It's not crippled. The efi modules are packaged separately. If you know > that you want to run grub2-install, then you need to install the > "grub2-efi-modules" package. When you run grub2-install, it will rebuild > /boot/efi/EFI/fedora/grubx64.efi. The bootloader will no longer be signed, > and the system will no longer boot in Secure Boot mode. All of this is > standard, upstream behavior. Yeah it becomes standard upstream behavior if you install grub2-efi-modules and then grub2-install. Otherwise it's distinctly non-standard, but the GNU folks and by extension the GRUB folks, are stuck with no actual built-in Secure Boot support. All of that gets added on at the distro level. Upstream hasn't incorporated any of this, and last time I check (year or so) they explicitly had no intention of doing so and instead depend on gnupg signatures for code verification. -- Chris Murphy -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
