Closed mikebeaton closed 1 year ago
To consider the code expanding in the near future, I still suggest we should make use of "export DEFINES" in Make.defaults to pass down variable(s) to sub-make. Please refer our original discussion https://github.com/rhboot/shim/pull/600
Just export DEFINES
anywhere inside Make.defaults
but not inside a conditional also sounds fine to me. Tyvm.
Am intrigued what the changes are in the near future.
As mentioned in the related issue, it'd be very appreciated if anyone (cc @jejb @vathpela @bluca - if I may) can point to any public discussion (or provide any info here) of the status of OVERRIDE_SECURITY_POLICY
(&/or any issues with using it). As far as I can make out, it dates back to the original Linux Foundation Preloader.efi
, and pretty soon after being added to Shim was made conditional (apparently with the issue being addressed here always present, although I may be misunderstanding something). However it seems like it would be an essential feature for any third-party second stage bootloader (for instance a BLSpec compliant one) which wants to:
Since, AFAICT, a user-build of Shim* is the only way to achieve this at the moment (e.g. a tentative approach to exactly this is here).
*With OVERRIDE_SECURITY_POLICY
enabled, and including @bluca's recent commit.
Without this
make OVERRIDE_SECURITY_POLICY=1
fails withFixes issue #596 and is an alternative to PR #600.