Jeremy Linton wrote:
> This is IMHO a mistake, the systemd-boot and UKI paths are the perfect
> time to break with shim and require some form of actual fedora/whatever
> secure boot key enrollment on the machine. Shim's fundamentally
> backdooring the UEFI security infrastructure, and frankly some of what
> is being done is pretty sketchy and its somewhat amazing it hasn't
> broken by vendors cleaning up their UEFI implementations*. Furthermore,
> the dependency on MS signing shim is also strongly in the pragmatic but
> not idea category as well.
How about we just use LogoFAIL to bypass Restricted Boot entirely without
bothering with signatures at all?
Kevin Kofler
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
