Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Thu, Apr 7, 2022 at 4:18 PM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
* Chris Murphy:

> On Thu, Apr 7, 2022 at 2:54 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>>
>> * Chris Murphy:
>>
>> > On Tue, Apr 5, 2022 at 9:56 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>> >>
>> >> * Peter Robinson:
>> >>
>> >> > This is out of context here because you can disable Secure Boot but
>> >> > still use UEFI to make that work. You're trying to link to different
>> >> > problems together.
>> >>
>> >> I think there's firmware out there which enables Secure Boot
>> >> unconditionally in UEFI mode, but still has CSM support.
>> >
>> > The UEFI spec makes CSM and Secure Boot mutually exclusive. CSM
>> > enabled renders Secure Boot impossible. So I'm not sure how the
>> > firmware can simultaneously enforce Secure Boot, but then permit the
>> > loading of non-compliant bootloaders.
>>
>> I meant that without CSM, Secure Boot is always enabled.  I don't know
>> if Fedora UEFI installations work on such systems when CSM is enabled.
>
> CSM enabled systems get a BIOS GRUB installation just as if it was a
> system without UEFI. The system gets an MBR, GRUB boot code in MBR,
> GRUB stage 2 in the MBR gap, etc.

Okay, then Secure Boot is mandatory on these systems as far as Fedora is
concerned once Fedora removes BIOS support, just as I suspected.

There are some Acer systems that make it harder to disable secure boot, but it's still possible. I've not heard of cases where you cannot at all disable secure boot.
 
Thanks,
Florian
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


--
Jared Dominguez (he/him)
Software Engineering Manager
New Platform Technologies Enablement team
RHEL Workstation Engineering

If I am emailing outside of business hours (mine or yours), it is my choice and does not mean I expect you to respond today.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux