3 Oct 2024 |
ElvishJerricco | yea, and like regular lanzaboote stub it would just contain the path and hash of the component rather than its contents | 21:00:42 |
ElvishJerricco | but yea the point is to separate code from manifest | 21:01:21 |
ElvishJerricco | e.g. so that one day we can have vendor signed lanzaboote and MOK signed manifests | 21:01:34 |
raitobezarius | which is achieved ironically by making the manifest an executable | 21:01:35 |
ElvishJerricco | yes :P | 21:01:44 |
raitobezarius | someday, secureboot 2.0 will happen | 21:01:59 |
ElvishJerricco | other than SBAT by default, what would you change? | 21:02:38 |
raitobezarius | well | 21:02:45 |
raitobezarius | secureboot 2.0 is already a thing | 21:02:48 |
ElvishJerricco | oh? | 21:02:53 |
ElvishJerricco | didn't know that | 21:02:55 |
raitobezarius | ~6 months ago, there was a presentation / discussions among the secureboot folks | 21:03:06 |
ElvishJerricco | is there a link? | 21:03:14 |
raitobezarius | i think they want to fix things like the fact that's it very non-democratic / non user owned | 21:03:16 |
raitobezarius | In reply to @elvishjerricco:matrix.org is there a link? not that i'm aware of | 21:03:29 |
raitobezarius | probably if you infiltrate the UEFI forum | 21:03:37 |
raitobezarius | you can find the informations | 21:03:39 |
ElvishJerricco | heh bummer | 21:03:50 |