-
Notifications
You must be signed in to change notification settings - Fork 416
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
uefi-sbat: Add a new plugin that can apply revocations to SbatLevelRT #7328
base: main
Are you sure you want to change the base?
Conversation
9b567c5
to
0bb71e2
Compare
871debe
to
51439c1
Compare
Okay, now this works for me. For testing I've been using:
The former loading on To test we're refusing to deploy the new SBAT policy if any of the detected shim binaries are too old, you can do:
|
51439c1
to
d818907
Compare
Looking at the rest of the new code, I'm a bit confused what the "firmware" is in this context? I assume it would be a revocations.efi blob that has an automatic payload? Edit: I'm happy to expand that implementation a bit if that's helpful. I think I've been convinced that being able to deliver separate SbatLevel and SkuSi binaries so that combinations can be selected to be applied on a single reboot is useful. |
Type of pull request: