Re: [GRUB PATCH RFC 12/18] i386/efi: Report UEFI Secure Boot status to the Linux kernel

From: Matthew Garrett
Date: Tue May 05 2020 - 13:29:20 EST


On Mon, May 4, 2020 at 4:25 PM Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote:
>
> Otherwise the kernel does not know its state and cannot enable various
> security features depending on UEFI Secure Boot.

I think this needs more context. If the kernel is loaded via the EFI
boot stub, the kernel is aware of the UEFI secure boot state. Why
duplicate this functionality in order to avoid the EFI stub?