grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 4/4] kern/efi/sb: Use shim to verify font files

From: Steve McIntyre
Subject: Re: [RFC PATCH 4/4] kern/efi/sb: Use shim to verify font files
Date: Tue, 6 Dec 2022 16:18:52 +0000
User-agent: Mutt/1.10.1 (2018-07-13) 
On Tue, Dec 06, 2022 at 11:09:57AM -0500, Robbie Harwood wrote:
>Zhang Boyang <zhangboyang.id@gmail.com> writes:
>
>> Since font files can be wrapped as PE images by grub-wrap, use shim to
>> verify font files if Secure Boot is enabled. To prevent other PE files
>> (e.g. kernel images) used as wrappers, it only allows files marked as
>> Windows GUI used as wrappers.
>
>Thanks for writing this; it's helpful to have something concrete to look
>at.

Definitely!

>This approach is very font-focused, and while I understand that given
>the discussion, I do still wonder if it wouldn't be better to make fonts
>an instance of modules.  If fonts become instances of modules, and
>modules are wrapped into PE files, that not only seems cleaner but also
>gives us signed module support without baking those into the image.
>
>What do you think?

Nod, that probably makes more sense if we want to go this way. I'm not
sure we do personally, but...

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
Dance like no one's watching. Encrypt like everyone is.
 - @torproject
reply via email to
[Prev in Thread] Current Thread [Next in Thread]