Re: No longer sign i386 kernels
On Wed, Dec 06, 2023 at 11:44:52PM +0100, Pascal Hambourg wrote:
>Hello,
>
>On 06/12/2023 at 22:09, Steve McIntyre wrote:
>>
>> On Wed, Dec 06, 2023 at 06:01:17PM +0100, Bastian Blank wrote:
>> >
>> > I would like do stop signing i386 kernels.
>> >
>> > - IA32 UEFI is basically non existent outside of the Apple world and
>> > maybe some embedded stuff.
>(...)
>> there's no point in signing i386 grub and fwupd or
>> having a signed shim if we don't have a signed kernel.
>
>Over the years I have seen a number of netbook or tablet-style PCs with
>32-bit UEFI firmware and a 64-bit capable CPU, so they could boot with
>grub-efi-ia32 and an amd64 kernel. I do not remember if they supported secure
>boot though.
Some of them did, but at this point the most recent of those Bay Trail
netbooks is heading for a decade old. They were designed to be very
cheap, which means very few will have survived this long. We're not
proposing to kill support *altogether*, but SB isn't a priority here
for such old machines IMHO.
--
Steve McIntyre, Cambridge, UK. steve@einval.com
“Why do people find DNS so difficult? It’s just cache invalidation and
naming things.”
-– Jeff Waugh (https://twitter.com/jdub)
Reply to: