diff options
| author | Peter Jones <pjones@redhat.com> | 2013-09-05 16:56:03 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2013-10-01 14:03:16 -0400 |
| commit | b538992dd4f963bf1eb61246b23218f2ccc6092e (patch) | |
| tree | 6781fe9eb2d5af6635cca92a665ba0b6169fd501 /TODO | |
| parent | 39df41ceb5a793f7db9233a2741d30c55b6a8861 (diff) | |
| download | efi-boot-shim-b538992dd4f963bf1eb61246b23218f2ccc6092e.tar.gz efi-boot-shim-b538992dd4f963bf1eb61246b23218f2ccc6092e.zip | |
Include shim's vendor_cert in MokListRT
There needs to be some way to communicate to the kernel that it's a
trusted key, and since this mechanism already exists, it's by far the
easiest.
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 2 |
1 files changed, 0 insertions, 2 deletions
@@ -2,8 +2,6 @@ Versioned protocol: - Make shim and the bootloaders using it express how enlightened they are to one another, so we can stop earlier without tricks like the one above -MokListRT containing shim key: -- MokListRT has to contain the shim key... MokListRT signing: - For kexec and hybernate to work right, MokListRT probably needs to be an authenticated variable. It's probable this needs to be done |