[Suggestion] Use AuditMode to check OPROM sig/hash validity.

Open schichtnudelauflauf opened this issue 2 months ago • 1 comments

I just tested the new AuditMode and use this issue to post collected links on where to find and how to parse the Image Execution Table, which helps verify the boot chain without actually locking.

If nobody else does and I find the mousse to implement it, I will post a patch to sbctl.

From a Chat:

You: https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html#using-the-image-execution-information-table

EFI variable GUID d719b2cb-3d3a-4596-a3bc-dad00e67656f

https://github.com/m132/image-exec-info

You: https://openvmm.dev/rustdoc/windows/src/uefi_specs/uefi/nvram.rs.html#192-193

The bottom link there shows roughly how the structs are parsed out of it when it's binary and not a string.

schichtnudelauflauf avatar Oct 17 '25 09:10 schichtnudelauflauf

I just tested the new AuditMode and use this issue to post collected links on where to find and how to parse the Image Execution Table, which helps verify the boot chain without actually locking.

AFAIK this is not exposed to the kernel, and/or dropped after BootServices are exited. So it's unclear to me if this is something we can actually take advantage of.

Foxboron avatar Oct 17 '25 09:10 Foxboron
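
Added example, not code from sbctl or from either commenter: a Go parser for the Image Execution Information Table layout defined in the UEFI section linked in the issue, run over a constructed byte slice. It assumes a little-endian table with a 64-bit UINTN; `ParseTable`, `Entry` and `sample` are names made up for this example, and how the bytes would be obtained on a running system is the open question raised in the reply above.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Authentication results: the low three bits of Action (UEFI 2.10, section 32).
var authNames = [8]string{"AUTH_UNTESTED", "AUTH_SIG_FAILED", "AUTH_SIG_PASSED",
	"AUTH_SIG_NOT_FOUND", "AUTH_SIG_FOUND", "POLICY_FAILED"} // 6 and 7 are unassigned

// Entry is one decoded EFI_IMAGE_EXECUTION_INFO record.
type Entry struct {
	Auth, Name  string
	Initialized bool   // EFI_IMAGE_EXECUTION_INITIALIZED (0x8) was set
	Rest        []byte // device path + EFI_SIGNATURE_LIST, left undecoded
}

// Constructed sample, not captured from firmware: one record with Action 0x9.
var sample = []byte{1, 0, 0, 0, 0, 0, 0, 0, 9, 0, 0, 0, 24, 0, 0, 0, // count, Action, InfoSize
	'x', 0, '.', 0, 'e', 0, 'f', 0, 'i', 0, 0, 0, 0x7f, 0xff, 4, 0} // Name, end-of-path node

// ParseTable decodes EFI_IMAGE_EXECUTION_INFO_TABLE, assuming a 64-bit UINTN.
func ParseTable(b []byte) (out []Entry, err error) {
	le := binary.LittleEndian
	if len(b) < 8 {
		return nil, fmt.Errorf("truncated table header")
	}
	n, b := le.Uint64(b), b[8:]
	for i := uint64(0); i < n; i++ {
		if len(b) < 8 || le.Uint32(b[4:]) < 8 || uint64(le.Uint32(b[4:])) > uint64(len(b)) {
			return nil, fmt.Errorf("entry %d: InfoSize missing or out of bounds", i)
		}
		action, size := le.Uint32(b), le.Uint32(b[4:]) // InfoSize counts the whole record
		name, rest := "", b[8:size]
		for len(rest) >= 2 { // Name is NUL-terminated UCS-2
			c := le.Uint16(rest)
			if rest = rest[2:]; c == 0 {
				break
			}
			name += string(rune(c))
		}
		out = append(out, Entry{authNames[action&7], name, action&8 != 0, rest})
		b = b[size:]
	}
	return out, nil
}

func main() { fmt.Println(ParseTable(sample)) }
```
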