Morten Linderud
Morten Linderud
@AkechiShiro If you want to want to work on this please do :) Make an issue template as described by github; https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#creating-issue-forms
I think this is partially going to be solved with `go-uefi`. I have implemented a POC efivars analyzer: https://github.com/Foxboron/go-uefi/blob/master/cmd/efianalyze/main.go
A relative path just implies that we are expanding. The `NAME` argument should preferably be better explained. We could just call it `PATH` like the rest of them?
I don't personally have any use for MOK+shim. `mokutils` seems fairly usable and I don't see what is missing from a usability standpoint? The Microsoft CA stuff is going to...
>Please make it opt-in rather than opt-out. Can't do that. We don't know if there is any signed oprom in the boot process and if we enroll custom signing keys...
>You mean sbctl enroll-keys will automatically add Microsoft's keys in the future? I'm probably going to abstract away `create-keys` and `enroll-keys` into a `setup` command which is going to be...
>You mean sbctl enroll-keys will automatically add Microsoft's keys in the future? I'm probably going to abstract away `create-keys` and `enroll-keys` into a `setup` command which is going to be...
>Isn't signing the oproms with the new keys also a possibility? Then you need to start hardware hacking. Oprom extraction, modify it and write it back. It's not something that...
>the hash of the existing ROM can be added to the db, right? This would also eliminate a roll-back attacks where an adversary installs an older vulnerable version of an...
Wait, I forget if we need the authenticode checksum or a standard sha256sum of the file for the `db` and `dbx` variable?