On Wed, 2021-11-17 at 17:20 +0000, Eric Snowberg wrote: > > > > On Nov 17, 2021, at 10:02 AM, Konrad Wilk <konrad.wilk@xxxxxxxxxx> wrote: > > > > On Wed, Nov 17, 2021 at 09:51:25AM +0200, Jarkko Sakkinen wrote: > > > On Wed, 2021-11-17 at 09:50 +0200, Jarkko Sakkinen wrote: > > > > On Tue, 2021-11-16 at 11:39 -0500, Konrad Rzeszutek Wilk wrote: > > > > > On Tue, Nov 16, 2021 at 06:24:52PM +0200, Jarkko Sakkinen wrote: > > > > > > On Tue, 2021-11-16 at 11:18 -0500, Konrad Rzeszutek Wilk wrote: > > > > > > > > > I have included a link to the mokutil [5] changes I have made to support > > > > > > > > > this new functionality. The shim changes have now been accepted > > > > > > > > > upstream [6]. > > > > > > > > > > > > > > ..snip.. > > > > > > > > > [6] https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f > > > > > > > > > > > > > > ..snip.. > > > > > > > > > > > > > > > > Does shim have the necessary features in a release? > > > > > > > > > > > > > > Hi! > > > > > > > > > > > > > > It has been accepted in the upstream shim. If you are looking > > > > > > > for a distribution having rolled out a shim with this feature (so signed > > > > > > > by MSF) I fear that distributions are not that fast with shim releases. > > > > ~~~ > > > > > > > > Should that be MS, or what does MSF mean? > > > > Microsoft :-) > > Correct, I’ll fix that in the next round. > > > > > > > > > > > > > > > Also these: > > > > > > > https://github.com/rhboot/shim/pulls > > > > > > > https://github.com/rhboot/shim/issues > > > > > > > > > > > > > > do mean some extra work would need to go in before an official > > > > > > > release is cut. > > > > > > > > > > > > > > Hope this helps? > > > > > > > > > > > > Yes. I'll hold with this up until there is an official release. Thank you. > > > > > > > > > > Not sure I understand - but what are the concerns you have with shim > > > > > code that has been accepted? > > > > > > > > Maybe my concern is that none of the patches have a tested-by? > > > > > > > > Probably would be easier to get a test coverage, e.g. for people like > > > > me who do not even know how to self-compile Shim, how to setup user > > > > space using the product and so forth. > > > ~~~~~~~~~~~~~~~~~ > > > > > > for the end product > > > > <nods> That makes total sense. Thanks for the explanation, let me double > > check whether > > > > https://github.com/rhboot/shim/blob/main/BUILDING > > > > is still correct. > > Those are the steps I use for building. I then move over mmx64.efi and > shimx64.efi to the ESP. I can add the shim build/install instructions to the next > cover letter If you think that would be appropriate. Yeah, that would be great. I'll try to setup VM for that purpose. I have already a script to build UEFI enabled archlinux VM's, which I use to test SGX patches. I can probably tailor that for this purpose. /Jarkko
