On Friday, June 5, 2020 4:32:55 PM MST Przemek Klosowski via devel wrote: > On 6/4/20 1:36 AM, John M. Harris Jr wrote: > > > On Wednesday, June 3, 2020 9:05:22 PM MST Chris Murphy wrote: > > > >> UEFI Secure Boot doesn't prevent you from gaining access to firmware > >> setup. It can cause some options in firmware setup to become > >> unavailable, e.g. compatibility support modules for presenting a > >> legacy BIOS. I'm skeptical that pin shorts permit you to gain access > >> to such things - but if so, it's clearly a vulnerability that should > >> be reported. > > > > This is by design. Generally, there's a marking on the silkscreen with > > something like "PWD" or "PASSWD" to mark it. > > I seem to remember reading that resetting the firmware away from secure > modes also wipes the secure TPM storage, so that you effectively wipe > the machine to factory-fresh state. On some systems, that is the case. I've found that it's pretty rare, but I don't have any real data to base that on, it's anecdotal. That doesn't matter for Fedora, you can still boot the same system you installed with Secure Boot enabled without it enabled. -- John M. Harris, Jr. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
