blob: 845574b15e1b39f485f6fc40c920e57c68dcf39e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
- Versioned protocol:
- Make shim and the bootloaders using it express how enlightened they
are to one another, so we can stop earlier without tricks
- Make EFI_LOADED_IMAGE_2 protocol and a LOAD_IMAGE protocol with
LoadImage/CheckImage/StartImage.
- Implement EFI_CERT_X509_SHA{256,384,512} revocation checks
- It doesn't necessarily have to include timestamp checking support
- Make the openssl code supply the Pkcs7Verify() API, and use the system
one (instead) if it is available.
- And make building it optional
- Get meb30's multiple-certs patch merged
- Hashing of option roms:
- hash option roms and add them to MokListRT
- probably belongs in MokManager
- And some PCR?
- Ability to specify second stage as a device path
- including vendor path that means "parent of this image's path"
- including vendor path that means "this image"
- including path that's like Fv() to embed images.
# vim:filetype=mail:tw=74
|
