On Tue, Oct 23, 2012 at 11:04:29AM +0900, Simon Horman wrote: > On Mon, Oct 22, 2012 at 04:43:39PM -0400, Vivek Goyal wrote: > > On Fri, Oct 19, 2012 at 10:31:12AM -0400, Vivek Goyal wrote: > > > > [..] > > > - What happens to purgatory code. It is unsigned piece of code which > > > runs in kernel? > > > > Thinking more about it, another not so clean proposal. > > I have always assumed that purgatory can't be removed > as doing so would break backwards compatibility. Hi Simon, I think this will be a new parallel path and this new path should be taken only on kernel booted with secure boot enabled. (Either automatically or by using some kexec command line option). So nothing should be broken because we never supported anything on secure boot enabled system. Thanks Vivek
