Adventures with the UEFI shim
Matthew Garrett
mjg59 at google.com
Fri Nov 13 17:15:35 GMT 2020
On Fri, Nov 13, 2020 at 8:25 AM Javier Martinez Canillas
<fmartine at redhat.com> wrote:
> That is, maybe using a different PCR for db and dbx? That way PCR7
> will have stable measurements across firmware updates, and if db/dbx
> should be part of a PCR policy, then this other PCR could be used in
> conjunction with PCR7.
db/dbx are measured into PCR7 by the system firmware, so we don't get
a say in that.
More information about the Efi
mailing list