On 17 February 2017 at 05:13, Lukas Wunner <lukas@xxxxxxxxx> wrote: > On Thu, Feb 16, 2017 at 06:08:23PM +0000, Ard Biesheuvel wrote: >> The newly refactored code that infers the firmware's Secure Boot state >> prints the following error when the variables 'SecureBoot' is missing. >> >> EFI stub: ERROR: Could not determine UEFI Secure Boot status. >> >> However, this variable is only guaranteed to be defined on a system that >> is Secure Boot capable to begin with, and so it is not an error if it is >> missing. So report Secure Boot as being disabled in this case, without >> printing any error messages. > > In fact I pointed out this change of behaviour on ARM during the > review process: > > https://lkml.org/lkml/2016/12/8/702 > > But David thought otherwise. :-( > I do remember that discussion. But I think David catered for that by returning enabled/disabled/unknown, deferring the decision how to deal with 'unknown' to the caller. But I did not appreciate at the time that this was a change in behavior nonetheless, and printing errors that are not errors only confuses people. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
