From: Chris Murphy <lists@colorremedies.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: How to boot Windows when Bitlocker enabled with key sealed in TPM
Date: Thu, 10 Feb 2022 11:46:33 -0700 [thread overview]
Message-ID: <CAJCQCtStVRoXQmgQv2k7hEYopXDstP=tSpUznMdJosS2qek+4g@mail.gmail.com> (raw)
In-Reply-To: <YgUl2cl+gFcGueY+@csclub.uwaterloo.ca>
On Thu, Feb 10, 2022 at 10:18 AM Lennart Sorensen
<lsorense@csclub.uwaterloo.ca> wrote:
>
> On Mon, Feb 07, 2022 at 04:48:43PM -0700, Chris Murphy wrote:
> > One idea I've heard floated is, having GRUB alter efivars such that
> > BootNext is changed to do a one time boot of Windows, instead of using
> > chainloader. If BIOS, use chainloader as now. If UEFI, set BootNext
> > efi variable? This has the benefit of working even on UEFI systems
> > which aren't BitLocker encrypted.
> >
> > Can GRUB modify efivars now? If not, what work would be needed to
> > enable GRUB to modify efivars? Alternatives?
>
> I am pretty sure I have read of cases where systems used such low quality
> flash for their UEFI variables that they broke after being written too
> many times. I think Ubuntu had a bug that caused it to rewrite some
> UEFI variable ever boot that initially spotted the problem or something
> like that. Cheap flash is often 10000 writes or even less in some cases.
>
> But rewriting the variable each time you boot sounds like a "Don't do
> that" thing.
Not every boot. Just when the user picks the Windows entry in the
menu. Anyway, the death of NVRAM is orthogonal to the issue, which is
that the current paradigm isn't working for newer systems. Eventually
it'll be the common case. So is the idea to just leave it broken, or
fix it? At a certain point it makes more sense to stop creating
Windows boot entries if they're not going to work.
Also, systemd-boot is going to support BootNext.
https://github.com/systemd/systemd/pull/22043/commits/661615a0afacee3545cde0a48286c0fef983f8fe
--
Chris Murphy
next prev parent reply other threads:[~2022-02-10 18:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-07 23:48 How to boot Windows when Bitlocker enabled with key sealed in TPM Chris Murphy
2022-02-09 22:08 ` Chris Murphy
2022-02-10 14:48 ` Lennart Sorensen
2022-02-10 18:46 ` Chris Murphy [this message]
2022-02-10 19:28 ` Lennart Sorensen
2022-02-10 21:13 ` Chris Murphy
2022-02-12 23:32 ` Lennart Sorensen
2022-03-25 20:13 ` Chris Murphy
2022-03-25 20:31 ` Vladimir 'phcoder' Serbinenko
2022-03-25 23:00 ` Chris Murphy
2022-03-25 23:08 ` Chris Murphy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJCQCtStVRoXQmgQv2k7hEYopXDstP=tSpUznMdJosS2qek+4g@mail.gmail.com' \
--to=lists@colorremedies.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.