SBAT feedback
Steve McIntyre
steve at einval.com
Thu Mar 4 15:30:58 GMT 2021
Hi Paul!
Apologies for not responding sooner, along with lots of other people
I've been tied up with the GRUB fixes and related work for the last
couple of weeks. :-/
On Wed, Feb 24, 2021 at 11:56:45AM -0500, Paul Moore wrote:
>On Mon, Feb 1, 2021 at 3:19 PM Steve McIntyre <steve at einval.com> wrote:
>> Hey folks,
>>
>> Talking about the SBAT design in
>>
>> https://github.com/rhboot/shim/blob/sbat/SBAT.md
>>
>> I'm thinking the mailing list would be a good place to take discussion
>> of the design document ...
>
>I'm currently working my way through the SBAT.md doc so no real
>comments from me, but I do have a question - one that I suspect a lot
>of folks will have if they don't already: when are new shim
>review/signing submissions going to be required to use this new
>approach? For example, can I submit a shim review this week, based on
>the 15.2 branch, or do all shim review submissions from this point on
>require the submission utilize SBAT?
AIUI, at this point Microsoft are not going to be happy signing
anything without SBAT now. That's likely going to make some people
unhappy, but the ever-diminishing space for DBX updates is terrifying
people.
AFAIK almost all of the expected signing targets now have SBAT support
available. We're waiting on some fixes for shim, then a 15.3 release
is due any time now. If you're hoping to get something reviewed and
signed, I'd strongly recommend you move on to that when it's ready.
Cheers,
Steve
--
Steve McIntyre, Cambridge, UK. steve at einval.com
"...In the UNIX world, people tend to interpret `non-technical user'
as meaning someone who's only ever written one device driver." -- Daniel Pead
More information about the Efi
mailing list