Secure Boot lack shouldn't be a failure on older FW
Bug #1672882 reported by
mirh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Firmware Test Suite |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
I'm not really sure what changed between initial Secure Boot implementation that according to spec was also available in 2.0, and whatever microsoft refers with "updated policies to include time-authenticated variables, stronger keys" (http://
But anyway at least according to revision history, SecureBootCertV
Couldn't these steps be skipped entirely in these cases then?
It shouldn't be a problem to automatically know which EFI version is implemented, given it's one of the first lines printed in dmesg.
Alternatively, arch/x86/
Revision history for this message
| Alex Hung (alexhung) wrote | #1 |
| Changed in fwts: | |
| status: | New → Incomplete |
Revision history for this message
| mirh (mirh) wrote | #2 |
| Changed in fwts: | |
| status: | Incomplete → Fix Released |
To post a comment you must log in.
A change in 17.05.00 may have address your issue:
commit a94a9d60710ed6b
Author: Ivan Hu <email address hidden>
Date: Tue May 16 16:30:48 2017 +0800
uefi: securebootcert: warnings for secure boot variables not exist instead of failures
Some firmwares like OVMF or EDKII may not create these UEFI variables when
they are not enabled the secure boot, it won't affect any functions because the
secure boot is not supported or enabled. So set the tests as warnings instead
of failures for the readiness of secure boot.
Will you be able to test new fwts and share your results?