On Thu, Mar 14, 2024 at 7:24 AM Jan Beulich <jbeul...@suse.com> wrote:
>
> On 13.03.2024 16:07, Ross Lagerwall wrote:
> > In addition to the existing address and ELF load types, specify a new
> > optional PE binary load type. This new type is a useful addition since
> > PE binaries can be signed and verified (i.e. used with Secure Boot).
>
> And the consideration to have ELF signable (by whatever extension to
> the ELF spec) went nowhere?
>

I'm not sure if you're referring to some ongoing work to create signable
ELFs that I'm not aware of. I didn't choose that route because:

* Signed PE binaries are the current standard for Secure Boot.

* Having signed ELF binaries would mean that code to handle them needs
  to be added to Shim which contravenes its goals of being small and
  simple to verify.

* I could be wrong on this but to my knowledge, the ELF format is not
  being actively updated nor is the standard owned/maintained by a
  specific group which makes updating it difficult.

* Tools would need to be updated/developed to add support for signing
  ELF binaries and inspecting the signatures.

I am open to suggestions of course but I'm not sure what benefits there
would be to going the ELF route.

Ross

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel