Adventures with the UEFI shim

Paul Moore paul at paul-moore.com
Wed Dec 2 22:02:30 GMT 2020


On Wed, Dec 2, 2020 at 1:37 PM Javier Martinez Canillas
<fmartine at redhat.com> wrote:
> On 12/2/20 6:49 PM, Paul Moore wrote:
> > On Tue, Nov 24, 2020 at 1:58 PM Paul Moore <paul at paul-moore.com> wrote:
> >> On Tue, Nov 17, 2020 at 11:34 AM Paul Moore <paul at paul-moore.com> wrote:
> >>> Relying on the signed distro build highlights the idea that the
> >>> ExitBootServices check isn't critical to the UEFI SB security model;
> >>> the important authorization is the signature on the bootloader itself,
> >>> not whether or not the bootloader calls into the shim verification
> >>> protocol.
> >>>
> >>> Regardless, as you said, this isn't our code, it would be nice to hear
> >>> a verdict from the shim maintainers on the ExitBootServices check.
> >>
> >> Thoughts, Peter?
> >
> > Peter?  Javier?  Any of the UEFI shim folks?
>
> I already gave you my opinion about it but I'm not that familiar with
> that part of the shim code to have an authoritative answer on this.

Thanks Javier.  Perhaps I should change my question slightly; who is
responsible for maintaining the UEFI shim, or in other words who is
going to make the final decision to accept or reject this?  Is that
Peter?

-- 
paul moore
www.paul-moore.com


