* Chris Murphy:
On Tue, Apr 5, 2022 at 9:56 AM Florian Weimer
<fweimer(a)redhat.com> wrote:
>
> * Peter Robinson:
>
> > This is out of context here because you can disable Secure Boot but
> > still use UEFI to make that work. You're trying to link to different
> > problems together.
>
> I think there's firmware out there which enables Secure Boot
> unconditionally in UEFI mode, but still has CSM support.
The UEFI spec makes CSM and Secure Boot mutually exclusive. CSM
enabled renders Secure Boot impossible. So I'm not sure how the
firmware can simultaneously enforce Secure Boot, but then permit the
loading of non-compliant bootloaders.
I meant that without CSM, Secure Boot is always enabled. I don't know
if Fedora UEFI installations work on such systems when CSM is enabled.
Thanks,
Florian