From: Ignat Korchagin <ignat@cloudflare.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: Daniel Kiper <dkiper@net-space.pl>
Subject: Re: UEFI secure boot
Date: Fri, 17 Feb 2017 11:00:52 +0000 [thread overview]
Message-ID: <CALrw=nFWX-jpWWpPTFxN9xNU-yQy2BeXYaW+2u_oy6A0LpJRxA@mail.gmail.com> (raw)
In-Reply-To: <702eddb8-f354-00c3-4f83-c4af91c20a34@secunet.com>
[-- Attachment #1: Type: text/plain, Size: 2326 bytes --]
I tried to submit a patch some time ago, where you can get SecureBoot and
SetupMode variables from GRUB shell and config file:
http://lists.gnu.org/archive/html/grub-devel/2016-01/msg00078.html
It was abandoned for some reason.
Also, I think recent patches proposed by Matthew Garrett also allow to do
this
On Fri, Feb 17, 2017 at 8:17 AM, Dennis Wassenberg <
dennis.wassenberg@secunet.com> wrote:
> Hi, Daniel,
>
> On 16.02.2017 23:03, Daniel Kiper wrote:
> > On Thu, Feb 16, 2017 at 09:21:19AM +0100, Dennis Wassenberg wrote:
> >> Hi all,
> >>
> >> I have a question regarding grub2 in relation with UEFI secure boot. I
> >> do use a grub2 efi binary which is signed with sbsigntools. If the grub2
> >> starts I think there is in general no information about that the grub2
> >> is booted in secure boot environment.
> >
> > Why do you need that?
> Just to show that it is booted in secure mode. In general there are only
> a few devices which shows at the beginning that secureboot is active. So
> maybe it makes sense to show it at the booted efi application. If a user
> is interested in knowing if it is active or not he has to enter the
> Setup. In case of Lenovo there it is not shown directly if secureboot is
> active or not. At the secureboot tab there is shown that secureboot is
> enabled or not and if secureboot is in custom mode or setup mode. I
> believe that not every user known what this means. Thats why I think a
> hint if secureboot is currently active or not would make sense.
> >
> >> Is there a possibility to show that in grub2? I found no way to do that.
> >
> > If there is an use case why not.
> Would this be a use case?
> >
> >> Are you interested in having the possibility to show the uefi secure
> >> boot status (e.g. EFI variable secureboot)?
> >
> > I am going to work on shim protocol verification for Multiboot2
> > compatible images. I hope that it will be taken into GRUB2 2.03.
> Ah ok.
> >
> > Daniel
>
> Thank you for your response.
>
> Best regards,
> Dennis
> >
> > _______________________________________________
> > Grub-devel mailing list
> > Grub-devel@gnu.org
> > https://lists.gnu.org/mailman/listinfo/grub-devel
> >
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
[-- Attachment #2: Type: text/html, Size: 3330 bytes --]
next prev parent reply other threads:[~2017-02-17 11:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-16 8:21 UEFI secure boot Dennis Wassenberg
2017-02-16 22:03 ` Daniel Kiper
2017-02-17 8:17 ` Dennis Wassenberg
2017-02-17 11:00 ` Ignat Korchagin [this message]
[not found] <4FF474E4.2030402@fpmurphy.com>
2012-07-05 8:33 ` UEFI Secure Boot James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALrw=nFWX-jpWWpPTFxN9xNU-yQy2BeXYaW+2u_oy6A0LpJRxA@mail.gmail.com' \
--to=ignat@cloudflare.com \
--cc=dkiper@net-space.pl \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.