3 Oct 2024 |
ElvishJerricco | yea, and like regular lanzaboote stub it would just contain the path and hash of the component rather than its contents | 21:00:42 |
ElvishJerricco | but yea the point is to separate code from manifest | 21:01:21 |
ElvishJerricco | e.g. so that one day we can have vendor signed lanzaboote and MOK signed manifests | 21:01:34 |
raitobezarius | which is achieved ironically by making the manifest an executable | 21:01:35 |
ElvishJerricco | yes :P | 21:01:44 |
raitobezarius | someday, secureboot 2.0 will happen | 21:01:59 |
ElvishJerricco | other than SBAT by default, what would you change? | 21:02:38 |
raitobezarius | well | 21:02:45 |
raitobezarius | secureboot 2.0 is already a thing | 21:02:48 |
ElvishJerricco | oh? | 21:02:53 |
ElvishJerricco | didn't know that | 21:02:55 |
raitobezarius | ~6 months ago, there was a presentation / discussions among the secureboot folks | 21:03:06 |