On 2021-10-20 14:47:18 [+0800], joeyli wrote:
> > I have no idea what it does. This enrolling is only required once
> > per-lifetime and not on each system boot, right?
>
> Yes, no each system boot.
>
> But when boot loader or kernel be updated or user wants to install a
> self-signed kernel or module. Then they need to reboot with efi=runtime
> in the future.

I see.

> On the other hand, any RT distro that supports MOK needs to modify their
> installation program/process to add efi=runtime in first boot. Otherwise
> the installation will be failed. Honestly this patch changed the kernel
> behavior and it may causes that old installation get problem.

Nope. It was in the -RT queue since v4.18-RT, and I see it backported
into latest v4.14.244-rt121 probably earlier kernels, too.
So unless you ship something pre v4.18-RT without that patch and you
update to post v4.18-RT you need to pay attention - independently of
this being now merged upstream.

This is also in the wiki
  https://wiki.linuxfoundation.org/realtime/documentation/known_limitations#efi

> Joey Lee

Sebastian