On Mon, Jun 30, 2014 at 10:35:17PM -0600, Chris Murphy wrote: > > On Jun 30, 2014, at 4:20 PM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > > On Mon, Jun 30, 2014 at 03:09:01PM -0600, Chris Murphy wrote: > > > >> Ok for long term. In the next two weeks before freeze is it possible > >> to modify the grub2-efi package spec file GRUB_MODULES= so that the > >> grux64.efi has xnu, xnu_uuid, xnu_uuid_test modules baked in? That > >> would fix the main problem in bug 893179 so that the first two OS X > >> entries would then have a chance of working. > > > > Not unless somebody writes signature checking support for them, no. > > Ahh. So without that, it'd be possible to execute arbitrary code masquerading as xnu on a Secure Boot system? Yeah. One option would be to just disable the code if secure boot is enabled - Macs don't implement it, so that would be fine for basically every real world case. But I'd still prefer to chain the Apple bootloader rather than fiddling with XNU. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
