Jan Janssen

What I would really love to see is mpv pausing long enough until full playback can be achieved. So if we receive data slower than we consume it (factoring in...

But the way it is now, it provides boot times for userspace tools that don't know about stub times yet. And once those tools do know about them, they can...

And what is that gonna achieve? Without a reference start time it is useless (old userspace will not look at it). With both set to the same value, they are...

@DaanDeMeyer Here you go. @ardbiesheuvel In case you're interested. (And yes, it uses the security arch hack for sake of usability. It can be disabled though)

> gah, patching around in the protocol vtables has this shim smell to it. Can't say I love this... > > I wished there was another way... There is: sign...

I've changed systemd-measure, though it's only compile-time tested. Though, those changes would be unnecessary if a EFI var is used to toggle the secure boot workaround off…

I replaced this with a EFI var to toggle this on/off. It's far simpler and doesn't require any changes in assembling the UKI.

> The efi var makes no sense to me, the builder of the UKI knows how the internal image is signed, and noone else really. Once it#s wrapped in a...

I fail to see the point of a kill switch. Again: the distro is in no position to know if the image will be trusted on the target system or...

Hooking into security arch protocol like this is ultimately an ugly hack. It's manipulating an internal firmware data structure so we can trick it to trust our kernel image. This...