mirror of
https://git.proxmox.com/git/efi-boot-shim
synced 2025-06-01 19:55:43 +00:00
24 lines
984 B
Plaintext
24 lines
984 B
Plaintext
Versioned protocol:
|
|
- Make shim and the bootloaders using it express how enlightened they
|
|
are to one another, so we can stop earlier without tricks like
|
|
the one above
|
|
MokListRT signing:
|
|
- For kexec and hybernate to work right, MokListRT probably needs to
|
|
be an authenticated variable. It's probable this needs to be done
|
|
in the kernel boot stub instead, just because it'll need an
|
|
ephemeral key to be generated, and that means we need some entropy
|
|
to build up.
|
|
New security protocol:
|
|
- TBD
|
|
kexec MoK Management:
|
|
Modsign enforcement mgmt MoK:
|
|
- This is part of the plan for SecureBoot patches. Basically these
|
|
features need to be disableable/enableable in MokManager.
|
|
Variable for debug:
|
|
- basically we need to be able to set a UEFI variable and get debug
|
|
output. Right now some code uses SHIM_VERBOSE but that needs a fair
|
|
amount of work to actually be useful.
|
|
Hashing of option roms:
|
|
- hash option roms and add them to MokListRT
|
|
- probably belongs in MokManager
|