From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 06 Feb 2025 08:49:41 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f185.google.com (mail-lj1-f185.google.com [209.85.208.185]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5167neqb017877 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 6 Feb 2025 08:49:40 +0100 Received: by mail-lj1-f185.google.com with SMTP id 38308e7fff4ca-30239e5c98dsf2797101fa.3 for ; Wed, 05 Feb 2025 23:49:40 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738828175; cv=pass; d=google.com; s=arc-20240605; b=FtzzraPNY0dXggfQA6jUsZpiLqxhscUvX4TUhzQ2hZK/20BC7xk2Yxhlh+O4JmccA9 5TUzNhi/+4S25S6U6SuN+p+ySIcWWHh8wMamuVfPYhTXlA5iL3PRVCUn4/idd3m6SwIO IyVZxSqAxhrVrXSO0ZnmtDWbCtG57msOcyyg8jx+GEr2/ZrxrsjE8e+oRS1asnQL6UCe obibIcxIoRjUhJbd3uPygxgKPVdCQAGkgq4OnYHQQP2ZOkY4yB+LT5jei9Eehv8m8v+0 qK3/6ih+R3zvGzi0o5AIQnhj5r6lqT1XWN/LWa+sVY4jKk1LYnp7hGtlOgj6cZFDf621 mrPg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:user-agent :content-transfer-encoding:autocrypt:references:in-reply-to:date:to :from:subject:message-id:sender:dkim-signature; bh=vdBpUER5KHfNiQk/K9JvCFsb/meUmtA76wQxKRtkG+Q=; fh=toSIsgjKGew0t09B9kC2hGFa9PsSFCFPAQzMxesbr2s=; b=Hv2uF33qgJd2cvZ2ZqYI36LVtwCyrd5e4ZH0dS5ZiD+vHor+5iFfeRu7p6IlQslSXs utG9BBmR2SiEKukOUQFcuBNo8S9kDK1D53cOAlnfrqO/2KE9aNnvaz01wc4BWFT6C7QY fj0H7ohdVhptfwNvpoplzdF23OCSPthhyv1s3HLKvBuIQEd1Dfuv0w4WvEuQDrjlMGv1 aqrl0oY1fH3Wa9IdooQ91j7u5gK+apMSsUNGv9AdxOmBO+TnOJ0Fto0FfEYVGzfTPd6P 5C9zG+wHtuSK5Y3sI5oNttNn9KJwxRe5Upa+kYp7biq+wNTclcmyAuDzcICLq+DhLEUF cKjg==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1738828175; x=1739432975; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:user-agent:content-transfer-encoding :autocrypt:references:in-reply-to:date:to:from:subject:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=vdBpUER5KHfNiQk/K9JvCFsb/meUmtA76wQxKRtkG+Q=; b=AvqEZsYt2FESyGTRuTwigXWwXa8Mmvv8NsqxtWcKuqDxPi+njiZBApomLOocz4VuhB GyWiSe/ZITqSvA/Us8lhAldLmvQhrLQHsVrn39QCHjfhxm8zzlbEU+C98/h39ZKpLoQs RhVY6PNba7Tn2+d6DBxX38VGvfaFnxZGdYkyio06zP1U60Ek09SAupXRmUQL3Xtuhzln VvHWe2EB6vPpashUm4P8pYlaQjHP09iU9gkW69V31m10W5sYgJo4uJvPDU5riJy4Ozzo dtl2/fcCiG7Yupiu1wN82oMPJIF5O6w+7KykZdcG2osnxLp6b01gA4imVa6UfZDwVspv rzUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738828175; x=1739432975; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :user-agent:content-transfer-encoding:autocrypt:references :in-reply-to:date:to:from:subject:message-id:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=vdBpUER5KHfNiQk/K9JvCFsb/meUmtA76wQxKRtkG+Q=; b=SP1aHrtENLbLQa/BI0jeG++LZis8vAeDTdCUiZGi+mlfpUSvdpM0PQZEfRz9D+FoP6 GDu+DLniNWWC8mYRgpXuXadFTSHFvtCq3MFvJTIx6YKhJ7im1XM373Xsi6spJVzwKo9Q NSimX6lUEmCz8tlOkk6Ja8tKzXGPx46nnHcYu2LxxNWbu12oHIf7OHt+flqpD7J8rxVa Hkc+ows8hwpUj2h58Jtt7eRXre/9a58EkxitzAvLXcBETbAatHlYoXy9kloki1FQolYD gzCEQ2DGuw3bBJ43wFr+YIe42eBQFYE90zMiD/ALU1K/zp6TaCaE+TvJOi1Y/H0/zpC5 347Q== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCW/RrRa2kvV1J3xNKjOUBZCXn/HYbZFN73SKyZ1uMRIPik5iRwRNnYLJnNSDLx0Pbcnh4Sr@ilbers.de X-Gm-Message-State: AOJu0Yw/HTv1Fk/b7Ds5vMWv28UBfXT0yiZKNOHLYq7W3h5mmiFIKESi IOBn5N3pUndOiFay/cxbnav0yQZeyhLp27r2CxPcNnrBwyohwCpE X-Google-Smtp-Source: AGHT+IEAGuX9+sjplnFRShwWFWSq7MwT4yqkStY6CpB0kXKiqYCaiMagsVl78LY8xKU2PUOPKMGQdA== X-Received: by 2002:a2e:a917:0:b0:302:1e65:f2ab with SMTP id 38308e7fff4ca-307cf3145bcmr21739401fa.20.1738828174215; Wed, 05 Feb 2025 23:49:34 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:a99b:0:b0:306:37e5:9526 with SMTP id 38308e7fff4ca-307da119989ls1369931fa.0.-pod-prod-03-eu; Wed, 05 Feb 2025 23:49:31 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUqHnY6I4mtZZKecZl0HoPauTWWC4kI8jkCNfZ+IyR64BlH05JgYL9Tf/UL9VSVQEloZIk82UKs/yyY@googlegroups.com X-Received: by 2002:a05:651c:1592:b0:300:2848:fc7f with SMTP id 38308e7fff4ca-307cf370b26mr25268751fa.25.1738828171466; Wed, 05 Feb 2025 23:49:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1738828171; cv=none; d=google.com; s=arc-20240605; b=l263CAH7yT3YwCx0S3hCY9OPC9QXrZr7EVtnch36XgOzPylqJ7IeSTS5ZK+z2pAhUx mw2r6Db7xJWGFCsL0mKdeConKfL3LuYV+gYp8DSF16B/Zod4FbJ+PRmxPO/mIm0tiVbF ohesptSIBMIu3xQp7RvQ2nN+Mr3Wv36pJwvX8h3dwMqZjG9MYBlsj2HP6nH1NcW6rAtp +V9PPRTPhEQBH0mHB5hjUGOCeV7BpjKCten1mId/hepYxxlw3+rP4wJzbjSTxvbBB7R0 2eT20yqVw4q/bM3TO/D1cis0MgEyd06rl7EuOKNGBcsuV3nrZQn2VdNP7UlpZNNek56n Elgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:user-agent:content-transfer-encoding:autocrypt :references:in-reply-to:date:to:from:subject:message-id; bh=6KbPfosDgWHo/WKP90rsV3RNqRRhfkXTrAnw1Kwt9Gc=; fh=Zkk+86q/8HSlfvqsivN4Rhgq+/VgQOXHpvpboqArOfc=; b=ExGyc5NSSPn7oMwj5wrgrEfoUGxasG86BDm4xAM+HOXiEhs615uXmg/uLvKUcNRejQ 5tC/ZzO8ScPK8ltN7VQQMYa/Go6r+mR4FeMwq5wVvMOnM8UmNWaGonDmjgohZlc1wTpp sHNHeTrvVIftKzStcghdgLPCjeTCphadPlhiQb5BRmlNx+jiA6Fw45WyYs7bH13Dmtgp CzhbXeBniQlX63gqvOAu+5OX+fmsfyYGkSwloo2sdPlmh00wDmxOReTti1rxrLSj4lAv h97swnBKOKS5lm9BfG2JRM5CS251FncqMT9Im7ItR8m73Qtp/sTnPeiluWHmh/OmwVP3 eOJA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-307de2215c2si136201fa.8.2025.02.05.23.49.31 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 05 Feb 2025 23:49:31 -0800 (PST) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from [IPv6:::1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 5167nQqs017868 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 6 Feb 2025 08:49:29 +0100 Message-ID: Subject: Re: [PATCH] doc/user_manual: mention EFI variable access and platform keyring for module signing From: Uladzimir Bely To: "Cetin, Gokhan" , "isar-users@googlegroups.com" Date: Thu, 06 Feb 2025 10:49:26 +0300 In-Reply-To: References: Autocrypt: addr=ubely@ilbers.de; prefer-encrypt=mutual; keydata=mQENBGO2eUkBCACtT+T3OrPVSExBmqfgXT3lp9XcdxRzjYp26wezkgYjjBXaf36bxtaAf S471VoQtpar0RVeFfW7WDDdfX9ZclSj36zBQe+RVSJzoNoNQfjOXWuSHb5Z+cpAFtqBY4muxK4+ia IlLJd6CN3ejOsLHATtCeHHq8wi0z2T+KdLQO+wQRgo2hjj0Lp9pGTrKJry50HP/o7Vbdu14dOx2xq r8+wPc6SQbBIrcqaa4MqCQC00vQG7eXvo+k2MOw59FDdpMH0KR9mHgp3u/s4I+4YRBArukt9G9xz/ rsEFmxAIBC6N/a6Hzwg4puc91n7ABDsPg8Vp+X3MDraujN0dvR6OKVNtABEBAAG0IFVsYWR6aW1pc iBCZWx5IDx1YmVseUBpbGJlcnMuZGU+iQFOBBMBCAA4FiEEJqPNVhVGyk12Eh+PAUQYBM/2FkoFAm O2eUkCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQAUQYBM/2FkprlAgAmuna8Hm9EyoEtTl DBGDg6Zm4ZLp5ffvZBE946h92jepDrteoxsJ7pSzJVC2HmDLa4iZUao7lLLbDsUj5x45/iLJcqBZK k3YnAxP2r6a+kI+1VVQY1pxdG1nlJAbdNzoojm/qmezNPSrqni61KVMQKsXBCWhIjSXDSM9CsBj21 a+9qaVqfxovJGTn9lgrZO+xzKQNMKZeOouJlscVuFj21P0ww3/YENiU/nMeTSuYypO76mDtAd08Jo nc3yuHa9MJGei5ixN3wT+IrGR2aL2hdw2M6NgH7sYbL2Zi4ugD6RXHJai1Bh2yvFSVqSQ+M6QOInT 4ud7wslm1XRB065dXtA== Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.54.3 (by Flathub.org) MIME-Version: 1.0 X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: ubely@ilbers.de X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-TUID: FXiNAQrMwOLo On Mon, 2025-01-20 at 18:27 +0000, 'Cetin, Gokhan' via isar-users wrote: > Enrolling MOK or importing platform keys is not possible without > access to EFI variables. >=20 > Signed-off-by: Gokhan Cetin > --- > =C2=A0doc/user_manual.md | 10 +++++++++- > =C2=A01 file changed, 9 insertions(+), 1 deletion(-) >=20 > diff --git a/doc/user_manual.md b/doc/user_manual.md > index 62d16c8c..bb8eb21b 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md > @@ -1127,7 +1127,15 @@ modprobe example-module > =C2=A0mokutil --import /etc/sb-mok-keys/MOK/MOK.der > =C2=A0``` > =C2=A0 > -Use the previously definded password to enroll the key, then reboot. > +Use the previously defined password to enroll the key, then reboot. > + > +If EFI variable access is disabled on kernel (due to high latencies > under RT kernel), > +enrolling will result in failure `EFI variables are not supported on > this system`. > +EFI variable access can be enabled by passing `efi=3Druntime` kernel > parameter. > + > +Similarly, in cases where EFI variables are not supported, the > system will not be able > +to import the keys defined on the platform in the kernel platform > keyring. This will also > +result in kernel modules not being verified if they are signed with > one of these platform keys. > =C2=A0 > =C2=A0**Boot self-signed image**: > =C2=A0 > --=20 > 2.39.2 >=20 Applied to next, thanks. --=20 Best regards, Uladzimir. --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/= bcfbe788091f0ab76b592f794fb4dbe4b6b8fca6.camel%40ilbers.de.