Secure Boot Certification #318

Open
fthobe opened this issue Jan 18, 2025 · 2 comments

@fthobe
Contributor

fthobe commented Jan 18, 2025

@PartialVolume @Knogle

I would like to throw in a crazy proposal:
#8 is pretty much as old as this repo

I believe that the secure boot certification process is only half as terrible as we all believe.
In the case of shredOS none of the preinstalled packages / drivers will flag any larger security issues.

The 2 man squad of 2Pint Software has done it and I know people at Microsoft, maybe we can just give this a try:
UPDATED: UEFI Signing Requirements (external link to Microsoft)

I might know somebody with experience in this space within the Microsoft BizSpark Program and could reach out to get some help.
With some helping hand this might be less complicated than universally assumed because nobody ever goes and asks Microsoft for an audit of the code because it's Microsoft.

There would be some bureaucrazy (pun intended) to do that. Most notably an EV certificate made out to an organization, but I think Open Collective could be on board for that. Alternatively, I know people at the Linux Foundation.

@jamesaepp

Why do this specifically for ShredOS? Has the end-to-end secure boot signing process been documented somewhere (outside of the bureaucrazy at Microsoft)?

There are merits to the idea but I can't help but think it would be better to make this into its own separate process (and more democratic bureaucrazy) to serve as middle-man between the beast of MS and the various FLOSS communities who might enjoy secure boot signing.

@fthobe
Contributor Author

fthobe commented Jan 21, 2025

> Why do this specifically for ShredOS? Has the end-to-end secure boot signing process been documented somewhere (outside of the bureaucrazy at Microsoft)?

It's on a per-product basis, so if MS shim it's for ShredOS and ShredOS only

> There are merits to the idea but I can't help but think it would be better to make this into its own separate process (and more democratic bureaucrazy) to serve as middle-man between the beast of MS and the various FLOSS communities who might enjoy secure boot signing.

The current hang of FLOSS is to take a valid shim that's either signed to the distribution (Ubuntu) or cross-signed by MS (I believe Red Hat).

There are possibilities to chain valid shims before the actual shredos shim without requesting a validation. I was just throwing it out here.

@PartialVolume what do you think?
