Adventures with the UEFI shim
Paul Moore
paul at paul-moore.com
Mon Dec 7 15:58:14 GMT 2020
On Wed, Dec 2, 2020 at 5:02 PM Paul Moore <paul at paul-moore.com> wrote:
> On Wed, Dec 2, 2020 at 1:37 PM Javier Martinez Canillas
> <fmartine at redhat.com> wrote:
> > On 12/2/20 6:49 PM, Paul Moore wrote:
> > > On Tue, Nov 24, 2020 at 1:58 PM Paul Moore <paul at paul-moore.com> wrote:
> > >> On Tue, Nov 17, 2020 at 11:34 AM Paul Moore <paul at paul-moore.com> wrote:
> > >>> Relying on the signed distro build highlights the idea that the
> > >>> ExitBootServices check isn't critical to the UEFI SB security model;
> > >>> the important authorization is the signature on the bootloader itself,
> > >>> not whether or not the bootloader calls into the shim verification
> > >>> protocol.
> > >>>
> > >>> Regardless, as you said, this isn't our code, it would be nice to hear
> > >>> a verdict from the shim maintainers on the ExitBootServices check.
> > >>
> > >> Thoughts Peter?
> > >
> > > Peter? Javier? Any of the UEFI shim folks?
> >
> > I already gave you my opinion about it but I'm not that familiar with
> > that part of the shim code to have an authoritative answer on this.
>
> Thanks Javier. Perhaps I should change my question slightly; who is
> responsible for maintaining the UEFI shim, or in other words who is
> going to make the final decision to accept or reject this? Is that
> Peter?
Bueller? Bueller?
So nobody wants to claim responsibility here? That isn't very reassuring ... ;)
--
paul moore
www.paul-moore.com
More information about the Efi
mailing list