* Chris Murphy:
> On Thu, Apr 7, 2022 at 2:54 AM Florian Weimer <fweimer@redhat.com> wrote:
>>
>> * Chris Murphy:
>>
>> > On Tue, Apr 5, 2022 at 9:56 AM Florian Weimer <fweimer@redhat.com> wrote:
>> >>
>> >> * Peter Robinson:
>> >>
>> >> > This is out of context here because you can disable Secure Boot but
>> >> > still use UEFI to make that work. You're trying to link to different
>> >> > problems together.
>> >>
>> >> I think there's firmware out there which enables Secure Boot
>> >> unconditionally in UEFI mode, but still has CSM support.
>> >
>> > The UEFI spec makes CSM and Secure Boot mutually exclusive. CSM
>> > enabled renders Secure Boot impossible. So I'm not sure how the
>> > firmware can simultaneously enforce Secure Boot, but then permit the
>> > loading of non-compliant bootloaders.
>>
>> I meant that without CSM, Secure Boot is always enabled. I don't know
>> if Fedora UEFI installations work on such systems when CSM is enabled.
>
> CSM enabled systems get a BIOS GRUB installation just as if it was a
> system without UEFI. The system gets an MBR, GRUB boot code in MBR,
> GRUB stage 2 in the MBR gap, etc.
Okay, then Secure Boot is mandatory on these systems as far as Fedora is
concerned once Fedora removes BIOS support, just as I suspected.
Thanks,
Florian
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure