Maybe a better way of handling this would have been to have two updates instead of one:
Update 1: Change SBAT policy to "warn". Then ask the user to press a key to continue if the security generation isn't matching the policy. This allows users to continue using their software and report this to the vendor and update etc.
Update 2: Change SBAT policy to "enforce".
And instead of having SBAT define a single minimal security generation it could have two levels, one for warning and one for enforcing.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Date: 2024-08-22 11:22 am (UTC)
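A sketch of the two-level policy proposed in the comment above, as an added example that is not code from shim or from the commenter. It assumes the SBAT CSV layout (`component,generation,...`); the `warn_min`/`enforce_min` split, the function names and all sample data are hypothetical and constructed for illustration.

```python
import csv
import io

def parse_sbat(text):
    """Parse SBAT-style CSV (component,generation,...) into {component: generation}."""
    gens = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[0].strip():
            gens[row[0].strip()] = int(row[1])
    return gens

def evaluate(binary_sbat, warn_min, enforce_min):
    """Return 'allow', 'warn' or 'deny' for one binary's SBAT metadata.

    warn_min and enforce_min map component -> minimum generation.
    Policy entries for components the binary does not carry are ignored.
    """
    verdict = "allow"
    for component, generation in parse_sbat(binary_sbat).items():
        if generation < enforce_min.get(component, 0):
            return "deny"      # below the hard floor: refuse to boot
        if generation < warn_min.get(component, 0):
            verdict = "warn"   # below the soft floor: prompt, then continue
    return verdict

# Constructed sample metadata for a bootloader at grub generation 2 and one at 3.
OLD_GRUB = ("sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat\n"
            "grub,2,Example Vendor,grub,2.06,https://example.invalid/grub\n")
NEW_GRUB = OLD_GRUB.replace("grub,2,", "grub,3,")

# "Update 1": only the warning level moves to grub generation 3.
WARN_MIN = parse_sbat("sbat,1\ngrub,3\n")
ENFORCE_UPDATE_1 = parse_sbat("sbat,1\ngrub,2\n")
# "Update 2": the enforcing level catches up.
ENFORCE_UPDATE_2 = parse_sbat("sbat,1\ngrub,3\n")

if __name__ == "__main__":
    for name, enforce in (("update 1", ENFORCE_UPDATE_1), ("update 2", ENFORCE_UPDATE_2)):
        print(name, "old grub:", evaluate(OLD_GRUB, WARN_MIN, enforce),
              "| new grub:", evaluate(NEW_GRUB, WARN_MIN, enforce))
```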