On Tue, 2022-12-20 at 11:43 +0800, Dave Young wrote: > Hi Ard, > > Real time kernels usually disable efi runtime for latency issues, Could you say a bit more about this? I was under the impression we only call efi runtime services when asked: for variable or capsule updates or if you use the EFI RTC. So if you don't use EFI services in a real time kernel, you shouldn't suffer any latency issues due to having them enabled. > but for some use cases, e.g. when Secure Boot is used kexec needs to > get the UEFI keys to verify the kernel signatures with > kexec_file_load syscall. It's not just kexec. Without EFI variable services, you won't be able to update the MoK keys for new kernels either. James > > Do you have suggestions on how to make both work? > Is it possible to have something like CONFIG_EFI_DISABLE_RUNTIME_LATE > so the runtime can be disabled after init phase or a runtime switch > in sysctl? > > Thanks > Dave >
