diff options
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 23 |
1 files changed, 23 insertions, 0 deletions
@@ -0,0 +1,23 @@ +Versioned protocol: +- Make shim and the bootloaders using it express how enlightened they + are to one another, so we can stop earlier without tricks like + the one above +MokListRT signing: +- For kexec and hybernate to work right, MokListRT probably needs to + be an authenticated variable. It's probable this needs to be done + in the kernel boot stub instead, just because it'll need an + ephemeral key to be generated, and that means we need some entropy + to build up. +New security protocol: +- TBD +kexec MoK Management: +Modsign enforcement mgmt MoK: +- This is part of the plan for SecureBoot patches. Basically these + features need to be disableable/enableable in MokManager. +Variable for debug: +- basically we need to be able to set a UEFI variable and get debug + output. Right now some code uses SHIM_VERBOSE but that needs a fair + amount of work to actually be useful. +Hashing of option roms: +- hash option roms and add them to MokListRT +- probably belongs in MokManager |