Shim: Add support for vendor_db built-in shim whitelist

I am not sure, but this might be something interesting:

Potential new signing strategies ( for example signing grub, fwupdate and vmlinuz with separate certificates ) require shim to support a vendor provided bundle of trusted certificates and hashes, which allows shim to “whitelist” EFI binaries matching either certificate by signature, or hash in the vendor_db. Functionality is similar to vendor_dbx ( vendor blacklist ).

https://github.com/rhboot/shim/commit/bd89dabf5fc767e3824fd8b9e94b044cdb578fb1

There are probably many other more interesting checkins to this important codebase:

https://github.com/rhboot/shim/commits/master

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s