https://bugzilla.suse.com/show_bug.cgi?id=1219807

https://bugzilla.suse.com/show_bug.cgi?id=1219807#c19

--- Comment #19 from Andrei Borzenkov <arvidjaar@gmail.com> ---
(In reply to Alberto Planas Dominguez from comment #18)
Right, that is how fde works with grub2, but the comment was more about the grub2-shim interaction when loading the kernel.
The pcr-oracle workaround works under the assumption that there is only one pcr4 extension of type boot services application that has this issue (the kernel). This can be invalidated if grub2 is following a different protocol.
Currently grub only uses shim to verify a file of type "kernel" or another EFI binary when chainloading it. So, in the normal case of shim -> grub -> kernel there should be only one such event for the kernel.