Comment 3 for bug 1696599

Mathieu Trudel-Lapierre (cyphermox) wrote :

I've updated the description to make the rationale clearer. This is a general backport of the patchset coming from "upstream" (in this case, being the "UEFI community" instead of GNU GRUB, and personified in this git tree from Fedora), which includes changes such as:

 - general cleanup and fixes (memory usage, etc.)
 - load arm with SB enabled
 - fixing a race in EFI validation (verifying Secure Boot signature for a kernel)
 - allow chainloading including the device part of the EFI boot path (chainloading across drives, for example)
 - honour Secure Boot in the chainloader (verify via Shim, not just EFI Boot Services)
 - avoid loading modules not permissible in Secure Boot
 - fixes for PE section alignment (mostly related to chainloading the Windows bootloader)
 - properly handle Secure Boot state when loading images (behaving correctly when Secure Boot validation in shim is disabled; correctly interpreting the result of shim's Secure Boot validation failing in the cases where SB is disabled in firmware vs. when it is disabled in shim or when not booting through shim)