Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs

From: Matthew Garrett
Date: Wed Feb 09 2022 - 11:50:12 EST

Next message: Sean Christopherson: "Re: [PATCHv2 00/29] TDX Guest: TDX core support"
Previous message: Marc Zyngier: "[PATCH 10/10] pinctrl: starfive: Switch to dynamic chip name output"
In reply to: Aditya Garg: "Re: [PATCH v2] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Next in thread: Aditya Garg: "Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 09, 2022 at 02:27:51PM +0000, Aditya Garg wrote:
> From: Aditya Garg <gargaditya08@xxxxxxxx>
>
> On T2 Macs, the secure boot is handled by the T2 Chip. If enabled, only
> macOS and Windows are allowed to boot on these machines. Thus we need to
> disable secure boot for Linux. If we boot into Linux after disabling
> secure boot, if CONFIG_LOAD_UEFI_KEYS is enabled, EFI Runtime services
> fail to start, with the following logs in dmesg

Which specific variable request is triggering the failure? Do any
runtime variable accesses work on these machines?

Next message: Sean Christopherson: "Re: [PATCHv2 00/29] TDX Guest: TDX core support"
Previous message: Marc Zyngier: "[PATCH 10/10] pinctrl: starfive: Switch to dynamic chip name output"
In reply to: Aditya Garg: "Re: [PATCH v2] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Next in thread: Aditya Garg: "Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]