Wanted to follow up on this--was away from my desk because of holidays in the US. I did open an issue on github: https://github.com/systemd/systemd/issues/25548 Thank you for your help here, Lennart. Thanks, --Daniel On Wed, Nov 23, 2022 at 12:32 PM Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote: > > On Mi, 23.11.22 17:56, Lennart Poettering (lennart@xxxxxxxxxxxxxx) wrote: > > > > If this is a bug, I'd be willing to attempt a pull request submission > > > if a suggested fix is given. Overall we like the functionality > > > sd-boot provides and the integration with systemd, but this is likely > > > a hard requirement for our use case. > > > > Yes please file an issue on github first, and this does sound a lot > > like something we should fix, hence a PR that addresses this would be > > more than welcome, too. > > BTW, I think we should treat an EFI binary like a system we can't boot > as per the boot assessment logic. i.e. whenever we fail to invoke a > binary (regardless if the reason is the security check or something > else), then we should count down it's counters, and then stop using it > once it hits zero. > > i.e. i think this should hook into the logic described in > https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT > > Lennart > > -- > Lennart Poettering, Berlin
Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?
- From: Daniel Harms <jdharms@xxxxxxxxx>
- Date: Mon, 28 Nov 2022 09:29:35 -0500
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <Y35ZNSeRKUhoUhIH@gardel-login>
- References: <CA+E_+MqOSoGqgeo=p9HTf_dTjRKdRnmQvini98EahnNrH2eiug@mail.gmail.com> <Y35EltU0Sd9AKJh+@gardel-login> <CA+E_+Mo_pL+STPQaxRvz05hZ8h_qhT0nV0u1-ShDbFUm9psvoQ@mail.gmail.com> <Y35Q0RxL2whbzHaL@gardel-login> <Y35ZNSeRKUhoUhIH@gardel-login>
- References:
- Prevent firmware from falling back to next EFI boot option on secure boot failure?
- From: Daniel Harms
- Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?
- From: Lennart Poettering
- Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?
- From: Daniel Harms
- Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?
- From: Lennart Poettering
- Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?
- From: Lennart Poettering
- Prevent firmware from falling back to next EFI boot option on secure boot failure?
- Prev by Date: Re: RFC: Passing on initial client user in systemd-userdbd
- Next by Date: Re: RFC: Passing on initial client user in systemd-userdbd
- Previous by thread: Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?
- Next by thread: Some questions on userdbd and providing a compatible service
- Index(es):
 |