2040107 – [RFE] Install shimx64.efi twice to be readable by non-root users

Bug 2040107 - [RFE] Install shimx64.efi twice to be readable by non-root users

Summary: [RFE] Install shimx64.efi twice to be readable by non-root users

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	shim
Sub Component:
Version:	CentOS Stream
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Bootloader engineering team
QA Contact:	Release Test Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-01-13 00:18 UTC by Steve Baker
Modified:	2023-07-13 07:31 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-07-13 07:31:53 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-107734	0	None	None	None	2022-01-13 00:33:16 UTC

Description Steve Baker 2022-01-13 00:18:26 UTC

This is a request for packaging to also install the shim efi files in a /usr location which is accessible by all users.

There are use cases for shimx64.efi beyond booting the machine it is installed on. Specifically serving shimx64.efi over tftp to a remote machine will make it possible to enable secure boot for baremetal provisioning in OpenStack Ironic by using (signed) grub network boot instead of iPXE.

Requiring root just to copy shimx64.efi into the /tftpboot directory constrains /tftpboot population to a privileged tool. This has drawbacks, for example when the shim package is updated.

Comment 1 Robbie Harwood 2022-01-13 15:02:00 UTC

> Requiring root just to copy shimx64.efi into the /tftpboot directory constrains /tftpboot population to a privileged tool. This has drawbacks, for example when the shim package is updated.

Root is not required.  Just unpack the rpm cpio ball and get grubx64.efi from there.

Comment 5 RHEL Program Management 2023-07-13 07:31:53 UTC

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

Note You need to log in before you can comment on or make changes to this bug.