| 3 Oct 2024 |
 raitobezarius | there's a big problem that has been realized regarding dual boot operations | 21:24:10 |
| raitobezarius | https://github.com/uapi-group/specifications/pull/117 | 21:24:34 |
| raitobezarius | so maybe maybe there could be per-OS specific stuff | 21:24:42 |
| raitobezarius | but unclear to me yet | 21:24:44 |
 ElvishJerricco | well, DPS isn't necessary for secure boot, strictly speaking | 21:26:13 |
| ElvishJerricco | I was about to complain I wish I could read that diff in actual markdown, and then I discovered github has a "rich diff" view. Neat | 21:27:07 |
| ElvishJerricco | ... and it's not useful for tables :P | 21:27:26 |
 Arian | Btw i dont think After=multi-user.target is a hack | 21:39:17 |
| Arian | It's even documented in https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT/ | 21:39:42 |
| ElvishJerricco | Arian: I genuinely cannot understand what that section of that page is saying | 21:43:54 |
| ElvishJerricco | "such a unit" is ordered... After=boot-complete.target, but is wanted by multi-user.target (and therefore ordered Before= it), which does not contain cycles. So to prevent cycles, we should order it... After=multi-user.target? Huh? | 21:44:55 |
| ElvishJerricco | boot-complete.target isn't ordered after multi-user.target | 21:45:08 |
| ElvishJerricco | er, | 21:45:29 |
| ElvishJerricco | is it? | 21:45:30 |
| ElvishJerricco | the unit in the systemd package just says After=sysinit.target | 21:45:49 |
| raitobezarius | In reply to @elvishjerricco:matrix.org
(look at that, Apple has MOK built in, unlike UEFI :P) Tbh MOK could be built in EDK2 | 22:27:29 |
| raitobezarius | It's kinda just a choice | 22:27:34 |
| raitobezarius | I would literally bet that the Apple secure element impl is just the obvious EDK2 package in there | 22:28:01 |
| raitobezarius | (interestingly: there's very few non TPM2, e.g. ARM TrustZone and similar code support in the Linux trusted system ecosystem) | 22:28:38 |
 emily | no, there's no EDK2 on Apple's platform. they have a custom L4-based microkernel for the Secure Enclave | 22:32:08 |
| emily | no UEFI on the host side of the SoC either | 22:32:28 |
| emily | their firmware chain is much more minimal | 22:35:04 |
| emily | there's not even a keyboard driver to show the boot menu without booting a mini-macOS | 22:35:20 |
| raitobezarius | I think you are thinking of Apple M1? | 22:38:31 |
| ElvishJerricco | oh wait is that not what we're talking about? | 22:38:48 |
| ElvishJerricco | the per-OS thing emily was talking about is an apple silicon thing | 22:39:25 |
| raitobezarius | It's true that Apple Silicon was mentioned first | 22:39:28 |
| emily | I'm a little confused, where would EDK2 be involved on any current Apple platform? | 22:39:52 |
| raitobezarius | But my brain went on Apple T2 | 22:39:52 |
| emily | ah | 22:40:02 |
