Closed: crawfxrd closed this issue 1 month ago
After running `ectool.sh security unlock` I get presented with the unlock prompt on every boot - hot or cold - until I cancel out of it.
That doesn't feel correct? I would expect it to prompt for a single boot, and then the standard locked behaviour to reassert on subsequent boots.
Also, should the post `ectool.sh security unlock` message highlight that a reboot is insufficient to correctly change the security state?
Currently `tool/src/main.rs` line 299 prints "Shut down the system for the security state to take effect" which is technically correct, but could perhaps more forcibly state that a cold boot is required?
> After running `ectool.sh security unlock` I get presented with the unlock prompt on every boot - hot or cold - until I cancel out of it.
~Addressed by https://github.com/system76/firmware-setup/pull/45.~
This change was reverted; it's intended behavior for it to show up even when unlocked.
> Currently `tool/src/main.rs` line 299 prints "Shut down the system for the security state to take effect" which is technically correct, but could perhaps more forcibly state that a cold boot is required?
Per UEFI wording for ResetType, "Shutdown" is the correct type of event. "Cold" and "Warm" are reset events that will not trigger the EC logic to reboot unlocked.
Add a new error for the case of trying to flash when security is enabled and it is still locked and update the related docs.