Morten Linderud
Morten Linderud
The answer is that it doesn't. ``` λ grype main» ./main archlinux ✔ Vulnerability DB [updated] ✔ Parsed image ✔ Cataloged packages [113 packages] ✔ Scanned image [5 vulnerabilities] NAME...
Closing as there was no replies.
Now followup so considering this solved.
I suspect this is solved with some of the recent documentation we have on properly getting into user mode.
@dkwo Yes, I need to find some more motivation to work on the less cool parts of `sbctl` soon I reckon.
I'm quite sure the LVFS update capsules for `dbx` works without the Microsoft KEK. I can implement support for enrolling the Microsoft KEK or have an `update-dbx` feature though.
@DHowett Yo, I've taken a stab at implementing this with https://github.com/Foxboron/sbctl/pull/222. It uses your outline but extends the option to allow picking from dbDefault, KEKDefault and PKDefault. I'll close this...
Should be fixed with https://github.com/Foxboron/sbctl/commit/af36eca1bce5c1b9bb1fe8ab5ba58528fcf945c7
You need to use the shim and load the `db` key into the `MOKList`. This isn't something `sbctl` is going to support without a `shim`/`MOK` mode or setup awareness.
My running theory is that using `e.Process.Wait` instead of `e.Wait()` is the main issue, as we are exiting the before everything is written to stdout/stdin/stderr. I'm at a loss on...