On Thu, Apr 7, 2022 at 4:18 PM Florian Weimer <[email protected]> wrote:
> * Chris Murphy: > > > On Thu, Apr 7, 2022 at 2:54 AM Florian Weimer <[email protected]> > wrote: > >> > >> * Chris Murphy: > >> > >> > On Tue, Apr 5, 2022 at 9:56 AM Florian Weimer <[email protected]> > wrote: > >> >> > >> >> * Peter Robinson: > >> >> > >> >> > This is out of context here because you can disable Secure Boot but > >> >> > still use UEFI to make that work. You're trying to link to > different > >> >> > problems together. > >> >> > >> >> I think there's firmware out there which enables Secure Boot > >> >> unconditionally in UEFI mode, but still has CSM support. > >> > > >> > The UEFI spec makes CSM and Secure Boot mutually exclusive. CSM > >> > enabled renders Secure Boot impossible. So I'm not sure how the > >> > firmware can simultaneously enforce Secure Boot, but then permit the > >> > loading of non-compliant bootloaders. > >> > >> I meant that without CSM, Secure Boot is always enabled. I don't know > >> if Fedora UEFI installations work on such systems when CSM is enabled. > > > > CSM enabled systems get a BIOS GRUB installation just as if it was a > > system without UEFI. The system gets an MBR, GRUB boot code in MBR, > > GRUB stage 2 in the MBR gap, etc. > > Okay, then Secure Boot is mandatory on these systems as far as Fedora is > concerned once Fedora removes BIOS support, just as I suspected. > There are some Acer systems that make it harder to disable secure boot, but it's still possible. I've not heard of cases where you cannot at all disable secure boot. > Thanks, > Florian > _______________________________________________ > devel mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > -- Jared Dominguez (he/him) Software Engineering Manager New Platform Technologies Enablement team RHEL Workstation Engineering If I am emailing outside of business hours (mine or yours), it is my choice and does not mean I expect you to respond today.
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
