On Di, 05.07.22 01:44, Fedora Development ML (devel@lists.fedoraproject.org) wrote:
Also, if users have "special" hardware, shouldn't they also have security.
if you need a special kernel cmdline to get your system to boot, then that's a bug in the kernel, and should be fixed there. Adding a kernel cmdline option is a local hack at best, executable only by the most technically savvy of users, and I think for those it's totally OK if you have to disable SecureBoot if you hack around.
Kernels should work universally, and if the don't do that out-of-the-box on some very new or very exotic hardware, then the right fix is not to expect users to be technical enough to set a kernel cmdline, but to fix the kernel to apply the fix automatically where needed. The kernel has plenty infrastructure for that.
Lennart
-- Lennart Poettering, Berlin