Closed jsetje closed 2 years ago
Control how shim will apply SBAT revocations:
mokutil --set-sbat-policy latest
applies the latest SBAT revocations (default behavior)
mokutil --set-sbat-policy previous
applies previous SBAT revocations to allow falling back to an older release
In both of the above cases shim will only apply SBAT revocations that are newer than the ones currently installed.
mokutil --set-sbat-policy delete
resets SBAT revocations only if Secure Boot is disabled. This setting does not persist.
Signed-off-by: Jan Setje-Eilers Jan.SetjeEilers@oracle.com
This goes along with https://github.com/rhboot/shim/pull/467 This was developed to account for supporting sbat revocations as a non-authenticated boot services variable.
Thanks for the patch!
Control how shim will apply SBAT revocations:
mokutil --set-sbat-policy latest
mokutil --set-sbat-policy previous
In both of the above cases shim will only apply SBAT revocations that are newer than the ones currently installed.
mokutil --set-sbat-policy delete
Signed-off-by: Jan Setje-Eilers Jan.SetjeEilers@oracle.com