On Mon, Sep 19, 2022, at 2:45 PM, Robbie Harwood wrote:
> I'm fine with the proposed change. I'm also fine with the original
> text.
>
> During boot, certain actions are taken that are recorded in the TPM.
> These include, for instance, any loaders that are run - like grub2. The
> result is that if you load Windows from grub2 rather than the EFI
> firmware, the TPM state will be different. Bitlocker cares about this
> TPM state.
>
> So: if you install Windows and set up Bitlocker booting through grub, it
> will continue to work through grub.

The Windows installer drops a payload on the drive, and sets a bootnext for an entry that points to the Windows bootloader, not via GRUB. And then, the instant we update either shim or grub, Windows boot will break. I think working around this is sufficiently tedious no users are likely to do it.

--
Chris Murphy
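
The TPM behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified model of one SHA-256 PCR showing why a key sealed against one boot chain is not released when the chain differs or a loader in it is updated. The byte strings standing in for shim, grub2 and the Windows boot manager, and all function names, are constructed for illustration; real firmware measures into several PCRs, and which of them BitLocker binds to is not modelled here.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one PCR in the SHA-256 bank, reset to all zeros at power-on

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend operation: new_pcr = H(old_pcr || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Replay a boot chain in load order and return the final PCR value."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def unseals(sealed_to: bytes, current_pcr: bytes) -> bool:
    """A sealed key is released only if the PCR matches the value at seal time."""
    return hmac.compare_digest(sealed_to, current_pcr)

# Constructed stand-ins for the real binaries (assumption: contents are arbitrary).
SHIM = b"shim build A"
GRUB_OLD = b"grub2 build A"
GRUB_NEW = b"grub2 build B (after a package update)"
WIN_BOOTMGR = b"Windows boot manager"

DIRECT = measure_chain([WIN_BOOTMGR])                    # firmware entry -> Windows
VIA_GRUB = measure_chain([SHIM, GRUB_OLD, WIN_BOOTMGR])  # chainloaded through grub
VIA_GRUB_UPDATED = measure_chain([SHIM, GRUB_NEW, WIN_BOOTMGR])

def report() -> dict:
    """For each chain a key could be sealed against, which boot paths release it."""
    paths = {"direct": DIRECT, "via grub": VIA_GRUB,
             "via updated grub": VIA_GRUB_UPDATED}
    return {
        sealed: {name: unseals(value, pcr) for name, pcr in paths.items()}
        for sealed, value in paths.items() if sealed != "via updated grub"
    }

if __name__ == "__main__":
    for sealed, results in report().items():
        print(f"sealed on '{sealed}':", results)
```

A key sealed on the grub path stops unsealing as soon as the grub stand-in changes, while a key sealed on the direct path is unaffected by loader updates but is never released when booting through grub.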