From: Dennis Wassenberg
Organization: secunet Security Networks
To: The development of GNU GRUB
Subject: Re: UEFI secure boot
Date: Fri, 17 Feb 2017 09:17:02 +0100
Message-ID: <702eddb8-f354-00c3-4f83-c4af91c20a34@secunet.com>
In-Reply-To: <20170216220336.GA31716@router-fw-old.local.net-space.pl>
References: <20170216220336.GA31716@router-fw-old.local.net-space.pl>

Hi, Daniel,

On 16.02.2017 23:03, Daniel Kiper wrote:
> On Thu, Feb 16, 2017 at 09:21:19AM +0100, Dennis Wassenberg wrote:
>> Hi all,
>>
>> I have a question regarding grub2 in relation with UEFI secure boot. I
>> do use a grub2 efi binary which is signed with sbsigntools. If the grub2
>> starts I think there is in general no information about that the grub2
>> is booted in secure boot environment.
>
> Why do you need that?

Just to show that it is booted in secure mode. In general there are only
a few devices which show at the beginning that secureboot is active. So
maybe it makes sense to show it at the booted efi application. If a user
is interested in knowing if it is active or not he has to enter the
Setup. In case of Lenovo there it is not shown directly if secureboot is
active or not. At the secureboot tab it is shown whether secureboot is
enabled or not and if secureboot is in custom mode or setup mode. I
believe that not every user knows what this means. That's why I think a
hint if secureboot is currently active or not would make sense.
>
>> Is there a possibility to show that in grub2? I found no way to do that.
>
> If there is a use case why not.

Would this be a use case?

>
>> Are you interested in having the possibility to show the uefi secure
>> boot status (e.g. EFI variable secureboot)?
>
> I am going to work on shim protocol verification for Multiboot2
> compatible images. I hope that it will be taken into GRUB2 2.03.

Ah ok.

>
> Daniel

Thank you for your response.

Best regards,

Dennis
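
Added example, not part of the original message and not GRUB code: one way to report the status discussed above from a booted Linux system rather than from inside GRUB, by reading the standard `SecureBoot` and `SetupMode` EFI variables. It assumes efivarfs is mounted at `/sys/firmware/efi/efivars`; the function and enum names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* EFI global variable GUID as it appears in efivarfs file names. */
#define EFI_GLOBAL "8be4df61-93ca-11d2-aa0d-00e098032b8c"
#define EFIVARS    "/sys/firmware/efi/efivars/"   /* assumed mount point */

enum sb_state { SB_UNKNOWN = -1, SB_DISABLED, SB_SETUP_MODE, SB_ACTIVE };

/* An efivarfs file holds 4 bytes of attributes followed by the data.
 * SecureBoot and SetupMode are one-byte values (0 or 1), so a valid
 * payload is exactly 5 bytes. Returns the value, or -1 if malformed. */
int efivar_u8(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len != 5 || buf[4] > 1)
        return -1;
    return buf[4];
}

/* Setup mode means no platform key is enrolled, so nothing is enforced
 * regardless of what the firmware setup screen calls "enabled". */
enum sb_state sb_classify(int secure_boot, int setup_mode)
{
    if (secure_boot < 0 || setup_mode < 0)
        return SB_UNKNOWN;
    if (setup_mode == 1)
        return SB_SETUP_MODE;
    return secure_boot == 1 ? SB_ACTIVE : SB_DISABLED;
}

static int read_var(const char *path)
{
    unsigned char buf[8];   /* larger than 5 so over-long files are rejected */
    size_t n;
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return efivar_u8(buf, n);
}

int main(void)
{
    static const char *names[] = { "unknown (not EFI, or unreadable)",
        "disabled", "setup mode (no platform key)", "active" };
    int sb = read_var(EFIVARS "SecureBoot-" EFI_GLOBAL);
    int sm = read_var(EFIVARS "SetupMode-" EFI_GLOBAL);
    printf("Secure Boot: %s\n", names[sb_classify(sb, sm) + 1]);
    return 0;
}
```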