Re: No longer sign i386 kernels
Hey Bastian!
On Wed, Dec 06, 2023 at 06:01:17PM +0100, Bastian Blank wrote:
>
>I would like do stop signing i386 kernels.
>
>- IA32 UEFI is basically non existent outside of the Apple world and
> maybe some embedded stuff.
>- i386 lacks many of the microarchitectural fixes that creeped in during
> the last years. So those kernels are unsuitable for real world usage
> of processors released in the last ten years.
>
>Install base of a IA32 EFI capable boot chain, as possible to see by
>popcon (via grub-efi-ia32-signed): 178
>
>Install base of a X64 EFI capable boot chain (via
>grub-efi-amd64-signed): 71743
ACK. We're heading towards deprecating i386 as a full architecture
anyway and just keeping it as a secondary arch for backwards
compatibility for old programs, Wine, games etc. So I think this makes
sense.
We should publicise this for users and be consistent for all the EFI
signed binaries - there's no point in signing i386 grub and fwupd or
having a signed shim if we don't have a signed kernel.
Agreed?
--
Steve McIntyre, Cambridge, UK. steve@einval.com
< Aardvark> I dislike C++ to start with. C++11 just seems to be
handing rope-creating factories for users to hang multiple
instances of themselves.
Reply to: