Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx> wrote: > > Matt argues, however, that boot_params->secure_boot should be propagated from > > the bootloader and if the bootloader wants to set it, then we should skip the > > check in efi_main() and go with the bootloader's opinion. This is something > > we probably want to do with kexec() so that the lockdown state is propagated > > there. > > Actually what I was arguing for was that if the boot loader wants to > set it and bypass the EFI boot stub, e.g. by going via the legacy > 64-bit entry point, startup_64, then we should allow that as well as > setting the flag in the EFI boot stub. That brings up another question: Should the non-EFI entry points clear the secure_boot mode flag and set a default? David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
