diff options
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 23 |
1 files changed, 20 insertions, 3 deletions
@@ -1,14 +1,31 @@ - Versioned protocol: - Make shim and the bootloaders using it express how enlightened they - are to one another, so we can stop earlier without tricks like the one - above - - Make a LoadImage/CheckImage/StartImage based protocol + are to one another, so we can stop earlier without tricks + - Make EFI_LOADED_IMAGE_2 protocol and a LOAD_IMAGE protocol with + LoadImage/CheckImage/StartImage. +- Implement EFI_CERT_X509_SHA{256,384,512} revocation checks + - It doesn't necessarily have to include timestamp checking support +- Make the openssl code supply the Pkcs7Verify() API, and use the system + one (instead) if it is available. + - And make building it optional +- Get meb30's multiple-certs patch merged - Hashing of option roms: - hash option roms and add them to MokListRT - probably belongs in MokManager + - And some PCR? - Ability to specify second stage as a device path - including vendor path that means "parent of this image's path" - including vendor path that means "this image" - including path that's like Fv() to embed images. +- Make all build options be able to be set in 'git config --local shim.OPTION' + - Make the build dump those to stdout as well +- make debuginfo paths configurable +- make arch dependent names configurable +- Make it easier to avoid CryptPem +- Make an easy strip+implant tool for our embedded cert lists +- Post process full path names out of __FILE__ / __BASE_FILE__ entries in + the string table :/ +- Make build.log an artifact of building. +- KEK for Mok. (koike expressed an interest in working on this.) # vim:filetype=mail:tw=74 |