Comment # 18 on bug 1219807 from Alberto Planas Dominguez

(In reply to Andrei Borzenkov from comment #17)

> Yes, I believe it is OK.

Great. I will create the issue then. Thanks for the review!

> Re grub2

Right, that is how fde works with grub2, but the comment was more about the
grub2-shim interaction when loading the kernel.

The pcr-oracle workaround works under the assumption that there is only one
pcr4 extension of type boot services application that has this issue (the
kernel).  This can be invalidated if grub2 is following a different protocol.