Secure Boot lack shouldn't be a failure on older FW
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Firmware Test Suite |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I'm not really sure what changed between initial Secure Boot implementation that according to spec was also available in 2.0, and whatever microsoft refers with "updated policies to include time-authenticated variables, stronger keys" (http://
But anyway at least according to revision history, SecureBootCertV
Couldn't these steps be skipped entirely in these cases then?
It shouldn't be a problem to automatically know which EFI version is implemented, given it's one of the first lines printed in dmesg.
Alternatively, arch/x86/
A change in 17.05.00 may have address your issue:
commit a94a9d60710ed6b 28597e23d332d56 58cd02fe08
Author: Ivan Hu <email address hidden>
Date: Tue May 16 16:30:48 2017 +0800
uefi: securebootcert: warnings for secure boot variables not exist instead of failures
Some firmwares like OVMF or EDKII may not create these UEFI variables when
they are not enabled the secure boot, it won't affect any functions because the
secure boot is not supported or enabled. So set the tests as warnings instead
of failures for the readiness of secure boot.
Will you be able to test new fwts and share your results?