On 4/3/23 08:40, Andrei Borzenkov wrote:
As you see, even "previous" adds minimal grub requirement which may block grub from other distributions (all to protect you of course :) ).
What is*NOT* possible is to tell shim to leave SbatLevel the hell alone on*my* system.
Frankly the implementation looks like security theater to me, but I am not security expert ...
Sound like a total cluster-fsck if implemented at the EFI level for systems with multiple virtualized OS's to boot. Other than there being this gap (like the Ubuntu example that still had gen. 1 sbat), is this being fixed? What are companies that store virtualized images for backups (historical or otherwise) supposed to do if all of a sudden none of the saved VM's will boot due to a sbat cockup? -- David C. Rankin, J.D.,P.E.