SBAT feedback

[Paul Moore]

On Thu, Mar 4, 2021 at 10:31 AM Steve McIntyre <steve at einval.com> wrote:
>
> Hi Paul!

Hi :)

> AFAIK almost all of the expected signing targets now have SBAT support
> available. We're waiting on some fixes for shim, then a 15.3 release
> is due any time now. If you're hoping to get something reviewed and
> signed, I'd strongly recommend you move on to that when it's ready.

Thanks for the clarification.  I've got a few follow-up questions:

* I see a 15.3 shim branch now, is that ready for us to use as a base,
or is there still work pending?

* Is there any guidance on the SBAT metadata, for example
component/vendor names?  I'm happy to just pick values that make sense
for our shim build, but I'm guessing the powers that be are going to
want to setup a registry somewhere, no?

* What about signed vendor key PE files, is that going to be a
requirement for new shim review/signing submissions based on 15.3?

I apologize for all the questions, but with most of the decisions and
development happening in private, it is very hard for most of us to
figure out what is going on and what is expected of reviews starting
now (or soon).

-- 
paul moore
www.paul-moore.com