efi-boot-shim.git/TODO, branch Version_15

Add another TODO for shim-16

2018-04-04T20:49:43+00:00

Signed-off-by: Peter Jones

Add some TODO items for shim-16

2018-03-23T19:06:32+00:00

Signed-off-by: Peter Jones

Update TODO with some stuff

2017-08-11T19:18:39+00:00

Signed-off-by: Peter Jones

Update for Josh's changes.

2013-10-02T17:33:52+00:00

Signed-off-by: Peter Jones

Include shim's vendor_cert in MokListRT

2013-10-01T18:03:16+00:00

There needs to be some way to communicate to the kernel that it's a trusted key, and since this mechanism already exists, it's by far the easiest.

Harden shim against non-participating bootloaders.

2013-10-01T18:03:16+00:00

It works like this: during startup of shim, we hook into the system's ExitBootServices() and StartImage(). If the system's StartImage() is called, we automatically unhook, because we're chainloading to something the system can verify. When shim's verify is called, we record what kind of certificate the image was verified against. If the call /succeeds/, we remove our hooks. If ExitBootServices() is called, we check how the bootloader verified whatever it is loading. If it was verified by its hash, we unhook everything and call the system's EBS(). If it was verified by certificate, we check if it has called shim_verify(). If it has, we unhook everything and call the system's EBS() If the bootloader has not verified anything, and is itself verified by a certificate, we display a security violation warning and halt the machine.

Remove TODO items fixed by merging lf_merge and lcp/lf-security-override.

2013-10-01T18:03:16+00:00

Signed-off-by: Peter Jones

Add MokListRT option rom entry.

2013-09-23T17:24:48+00:00

Signed-off-by: Peter Jones

Update TODO with missing description.

2013-09-23T15:05:08+00:00

Signed-off-by: Peter Jones

Made TODO represent the present.

2013-09-23T14:48:41+00:00

Signed-off-by: Peter Jones