[PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs

Matthew Garrett mjg59 at srcf.ucam.org
Wed Feb 9 16:49:57 UTC 2022


On Wed, Feb 09, 2022 at 02:27:51PM +0000, Aditya Garg wrote:
> From: Aditya Garg <gargaditya08 at live.com>
> 
> On T2 Macs, the secure boot is handled by the T2 Chip. If enabled, only
> macOS and Windows are allowed to boot on these machines. Thus we need to
> disable secure boot for Linux. If we boot into Linux after disabling
> secure boot, if CONFIG_LOAD_UEFI_KEYS is enabled, EFI Runtime services
> fail to start, with the following logs in dmesg

Which specific variable request is triggering the failure? Do any 
runtime variable accesses work on these machines?



More information about the Linux-security-module-archive mailing list