On 03/28/2015 09:33 PM, Chris Murphy wrote:
On Sat, Mar 28, 2015 at 2:08 PM, Andrei Borzenkov
wrote: В Sat, 28 Mar 2015 13:36:01 -0600 Chris Murphy
пишет: On Sat, Mar 28, 2015 at 5:47 AM, Andrei Borzenkov
wrote: I tried to reproduce it (using QEMU with OVMF + Microsoft keys) but unfortunately Windows 2012 R2 preview image I downloaded fails to boot when secure boot is enabled. It's possible to get a free Windows 8.1 Enterprise eval. It expires in 90 days from installation so it's useful for testing, and boots either BIOS or UEFI systems.
I have Windows 8 eval (how exactly should it be different from 2012?) and it does not boot with secure boot enabled either.
If you have Windows installation with working secure boot enabled, could you please send me \EFI\Windows archive? I returned it a month ago, but I still have the EFI/ directory from the recovery media. It's a lot different than the EFI/ directory for an actual installation, but it still depends on Secure Boot so if that's useful let me know and I'll send that.
Yes, please, send it.
Grub includes grub-bless utility for OS X. I wonder, if this is exactly what is required. Blessing is a function of HFS+, it won't work on FAT32. I know that I had to bless (using OS X tools) grub in ESP to be able to select it for booting. So it apparently works. May be it stores metadata somewhere in HFS+, do not know.
Obviously if the system running grub-mkconfig is booted in EFI mode, it's completely wrong to produce a grub.cfg that uses xnu modules to try to boot OS X. Does os-prober determine whether the current system is booted in EFI vs with CSM?
No. You are welcome to implement it. It is /usr/lib/os-probes/mounted/20macosx. Well that's like telling a plant to water itself. In other words, it's not happening. It's easier to just hold the option key at boot time, and use the firmware's built-in boot manager.
So not only is it difficult to get os-prober, or whatever, to do the right thing. It's like pulling teeth getting it to stop doing the wrong thing by writing out bogus menu entries that invariably cause the system to kernel panic when used.
Not to mention that to rely on how current system where configuration file is being created was booted is wrong as well. Boot method should be detected at run time; but this will make resulting grub.cfg even less readable and more difficult to parse. Right. Well gummiboot and rEFInd do this correctly with OS X, they use dynamic discovery. So whoever was interested enough to make this work for OS X in the much more convoluted case of EFI booting OS X from a CSM execute GRUB 2, has apparently vanished and no one cares to either inhibit or fix things. And it's been like this for years after it was obsolete.
Windows 10 ships this summer and makes Secure Boot mandatory. So pretty soon there's only
Yeah - that is wrong information and it is ALSO wrong information that secure boot solves ANY PROBLEM that a user might need. http://cdn.arstechnica.net/wp-content/uploads/2015/03/windows-10-secure-boot... See the word ***option*** If you want to make completely flexible firmware with Free Software, I'm all for it and that would be more secure. But locking the Kernel to the Hardware servers NO PURPOSE, other than a business model. ...ranting about boot kits from the pre-x86 days not withstanding. If anything, the vendors are a bigger security risk than anyone. Care for some superfish? Ruben -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org