Missing KEK and DB variables with secure boot disabled
Colin Ian King
colin.king at canonical.com
Fri Sep 26 08:53:35 UTC 2014
On 26/09/14 09:48, Matt Fleming wrote:
> Hi folks,
>
> I'm currently running the securebootcert test on an Intel SDV and seeing
> failures for missing KEK and DB variables, despite the fact that secure
> boot isn't enabled and we're in setup mode, i.e.,
>
> securebootcert: The secure boot variable DB not found.
> securebootcert: The secure boot variable KEK not found.
>
> It's not clear to me that these should be failures in this scenario,
> which is pretty common when you're working on a non-OEM machine.
>
> What's the rationale for making these missing variables a hard fail?
I guess that's just an oversight.
> And
> do people think it would be reasonable to relax this test in non-secure
> mode?
>
+1 on that.
I've file a bug, https://bugs.launchpad.net/fwts/+bug/1374351
Ivan, do you mind looking at at this? Thanks!
Colin
More information about the fwts-devel
mailing list