Hello, Since `5f56a74cc0a6d9b9f8ba89cea29cd7c4774cb2b1`[1] I can't have both SecureBoot enabled and lockdown disabled (I need to do that to allow undervolting on my intel laptop). My current bootchain is: systemd-boot -> kernel+initrd+cmdline as a unified kernel image and signed using a personal custom key. I don't use the shim loader. Until now I disabled the lockdown by setting the `MokSBState` + `MokSBStateRT` UEFI variables to 1. Now they need to be volatile. Would you be open to either add a variable or a command-line argument to disable the kernel lockdown while keeping SecureBoot enabled ? If so what would be the right way to express it ? Thanks, [1]: https://lore.kernel.org/linux-efi/20220920153743.3598053-1-ardb@xxxxxxxxxx/ -- Antoine 'xdbob' Damhet
Attachment:
signature.asc
Description: PGP signature
