On Fri, Sep 12, 2025 at 08:46:18AM +0100, Peter Robinson via arm wrote:
> On Thu, 11 Sept 2025 at 21:24, Dominik 'Rathann' Mierzejewski via arm
> <arm@lists.fedoraproject.org> wrote:
> >
> > I never said SecureBoot writes anywhere. I asked if the kernel prevents
> > the OS from writing to SPI if SecureBoot is active.
>
> Why would it? That's not what secure boot does, it purely verifies the
> next stage of the boot process.
Yes, but for that being still the case on the next boot you want make
sure nobody goes replace your firmware with another version which skips
the secure boot verification. Likewise the EFI variable storage must be
protected to make sure nobody tampers with the certificate databases.
take care,
Gerd
--
_______________________________________________
arm mailing list -- arm@lists.fedoraproject.org
To unsubscribe send an email to arm-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/arm@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment