author: Steve Langasek <steve.langasek@canonical.com> 2019-02-09 21:28:06 -0800
committer: Steve Langasek <steve.langasek@canonical.com> 2019-02-09 21:32:44 -0800
commit: ab4c731c1dd379acd3e95971af57401fb0a650a1
tree: 6a26fb8d0746cbbaa6c2d4b242c73442bcc1df06 /TODO
parent: 0d63079c7da8e86104ce4bbdae2f6cb8d2ea40c6
parent: 9c12130f9cd2ae11a9336813dd1f1669c0b64ad0
ref: debian/15+1533136590.3beb971-1

* New upstream release.
  - debian/patches/second-stage-path: dropped; the default loader path now includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback and MokManager.
Diffstat (limited to 'TODO')
-rw-r--r-- TODO 67
1 files changed, 44 insertions, 23 deletions
diff --git a/TODO b/TODO
index 029b0bf2..bdfab075 100644
--- a/TODO
+++ b/TODO
@@ -1,23 +1,44 @@
-Versioned protocol:
-- Make shim and the bootloaders using it express how enlightened they
- are to one another, so we can stop earlier without tricks like
- the one above
-MokListRT signing:
-- For kexec and hybernate to work right, MokListRT probably needs to
- be an authenticated variable. It's probable this needs to be done
- in the kernel boot stub instead, just because it'll need an
- ephemeral key to be generated, and that means we need some entropy
- to build up.
-New security protocol:
-- TBD
-kexec MoK Management:
-Modsign enforcement mgmt MoK:
-- This is part of the plan for SecureBoot patches. Basically these
- features need to be disableable/enableable in MokManager.
-Variable for debug:
-- basically we need to be able to set a UEFI variable and get debug
- output. Right now some code uses SHIM_VERBOSE but that needs a fair
- amount of work to actually be useful.
-Hashing of option roms:
-- hash option roms and add them to MokListRT
-- probably belongs in MokManager
+- Versioned protocol:
+ - Make shim and the bootloaders using it express how enlightened they
+ are to one another, so we can stop earlier without tricks
+ - Make EFI_LOADED_IMAGE_2 protocol and a LOAD_IMAGE protocol with
+ LoadImage/CheckImage/StartImage.
+- Implement EFI_CERT_X509_SHA{256,384,512} revocation checks
+ - It doesn't necessarily have to include timestamp checking support
+- Make the openssl code supply the Pkcs7Verify() API, and use the system
+ one (instead) if it is available.
+ - And make building it optional
+- Get meb30's multiple-certs patch merged
+- Hashing of option roms:
+ - hash option roms and add them to MokListRT
+ - probably belongs in MokManager
+ - And some PCR?
+- Ability to specify second stage as a device path
+ - including vendor path that means "parent of this image's path"
+ - including vendor path that means "this image"
+ - including path that's like Fv() to embed images.
+- Make all build options be able to be set in 'git config --local shim.OPTION'
+ - Make the build dump those to stdout as well
+- make debuginfo paths configurable
+- make arch dependent names configurable
+- Make it easier to avoid CryptPem
+- Make an easy strip+implant tool for our embedded cert lists
+- Post process full path names out of __FILE__ / __BASE_FILE__ entries in
+ the string table :/
+- Make build.log an artifact of building.
+- KEK for Mok. (koike expressed an interest in working on this.)
+- Detection of fallback.efi boot loops
+ - Some tablet devices seem to always boot the fallback path, ignoring
+ boot variables, so we need to detect that.
+ - fallback creates 2 variables, one volatile, one nonvolatile
+ - if shim sees the nonvolatile variable but not the volatile one, it has
+ been booted correctly after fallback has run, so it should remove the
+ nonvolatile variable.
+ - if fallback sees the nonvolatile variable, it is in a fallback boot
+ loop, and should launch the next stage instead of rebooting.
+ - This means the TPM extend chain on machines with broken BDS always
+ looks like: shim -> fallback -> shim -> grub2 -> kernel, *except* on
+ boots from removable media (i.e. install media without fallback),
+ where it looks like shim -> grub2 -> kernel /once/.
+
+# vim:filetype=mail:tw=74
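Review bot: five of the old TODO headings are dropped in this rewrite with no record of whether they were completed or abandoned, most notably "MokListRT signing" (the note that MokListRT probably needs to be an authenticated variable for kexec and hibernate to work right, with an ephemeral key generated in the kernel boot stub), along with "New security protocol", "kexec MoK Management", "Modsign enforcement mgmt MoK" and "Variable for debug"; since these are security-relevant design items rather than chores, a one-line "done" or "dropped because ..." entry, or a mention in the commit message, would keep that intent from being lost. The "Detection of fallback.efi boot loops" block is the other place worth a line: it specifies that fallback creates one volatile and one nonvolatile variable and that fallback, on seeing the nonvolatile one, launches the next stage instead of rebooting, but it does not say which GUID/namespace or which attributes the variables are created with. Because the nonvolatile marker is what makes fallback skip its recovery behaviour, it should be recorded that it is BootService-only (not runtime-writable); otherwise anything running in the OS could set it and suppress fallback's boot-entry repair on the next boot, which is the failure the item exists to handle.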