mirror of
https://git.proxmox.com/git/efi-boot-shim
synced 2025-08-03 05:20:28 +00:00
22 lines
951 B
Plaintext
22 lines
951 B
Plaintext
- Versioned protocol:
|
|
- Make shim and the bootloaders using it express how enlightened they
|
|
are to one another, so we can stop earlier without tricks
|
|
- Make EFI_LOADED_IMAGE_2 protocol and a LOAD_IMAGE protocol with
|
|
LoadImage/CheckImage/StartImage.
|
|
- Implement EFI_CERT_X509_SHA{256,384,512} revocation checks
|
|
- It doesn't necessarily have to include timestamp checking support
|
|
- Make the openssl code supply the Pkcs7Verify() API, and use the system
|
|
one (instead) if it is available.
|
|
- And make building it optional
|
|
- Get meb30's multiple-certs patch merged
|
|
- Hashing of option roms:
|
|
- hash option roms and add them to MokListRT
|
|
- probably belongs in MokManager
|
|
- And some PCR?
|
|
- Ability to specify second stage as a device path
|
|
- including vendor path that means "parent of this image's path"
|
|
- including vendor path that means "this image"
|
|
- including path that's like Fv() to embed images.
|
|
|
|
# vim:filetype=mail:tw=74
|