[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

secure boot in grub (was: Re: PK/KEK for ovmf)


dann frazier writes:
> [1] https://salsa.debian.org/qemu-team/edk2/blob/debian/debian/PkKek-1.README

I've no answer to your question right now, but the following sentence
caught my attention:

| When grub is run without the shim protocol registered, it assumes SB is
| disabled and boots without verifying the kernel.

Is this correct?

If I enroll Debian's signing key and then boot grub directly, does that
actually disable secure boot?  That looks like a bug to me.


Reply to: