On Wed, Oct 20, 2021 at 08:28:50AM +0200, Sebastian Andrzej Siewior wrote: > On 2021-10-20 14:09:55 [+0800], joeyli wrote: > > On Tue, Sep 28, 2021 at 04:24:34PM +0200, Sebastian Andrzej Siewior wrote: > > > On 2021-09-28 15:34:47 [+0200], Ard Biesheuvel wrote: > > > > Are you sure you want to disable EFI runtime services on all x86 > > > > systems with PREEMPT_RT as well? > > > > > > The only problem that I am aware of is that you need to reboot with > > > enabled runtime service (via bootargs, #2) in order to alter boot loader > > > settings. > > > > Just provide another case: > > Anyone who uses mokutil for enrolling MOK will also need reboot with > > efi=runtime first. > > I have no idea what it does. This enrolling is only required once > per-lifetime and not on each system boot, right? Yes, no each system boot. But when boot loader or kernel be updated or user wants to install a self-signed kernel or module. Then they need to reboot with efi=runtime in the future. On the other hand, any RT distro that suppors MOK needs to modify their installation program/process to add efi=runtime in first boot. Otherwise the installation will be failed. Honestly this patch changed the kernel behavior and it may causes that old installation get problem. Joey Lee
