Adventures with the UEFI shim
Javier Martinez Canillas
fmartine at redhat.com
Wed Dec 2 18:37:03 GMT 2020
Hello Paul,
On 12/2/20 6:49 PM, Paul Moore wrote:
> On Tue, Nov 24, 2020 at 1:58 PM Paul Moore <paul at paul-moore.com> wrote:
>> On Tue, Nov 17, 2020 at 11:34 AM Paul Moore <paul at paul-moore.com> wrote:
>>> Relying on the signed distro build highlights the idea that the
>>> ExitBootServices check isn't critical to the UEFI SB security model;
>>> the important authorization is the signature on the bootloader itself,
>>> not whether or not the bootloader calls into the shim verification
>>> protocol.
>>>
>>> Regardless, as you said, this isn't our code, it would be nice to hear
>>> a verdict from the shim maintainers on the ExitBootServices check.
>>
>> Thoughts Peter?
>
> Peter? Javier? Any of the UEFI shim folks?
>
I already gave you my opinion about it but I'm not that familiar with
that part of the shim code to have an authoritative answer on this.
Best regards,
Javier
More information about the Efi
mailing list