Future Enh: Secure Boot support - select one or more options #7
Labels
future enhancement
Enhancement that won't be worked anytime soon #sadface
Comments
oom-is
changed the title
oom-is
added
future enhancement
|
See here for an easy-to-use secure boot PBA implementation based on sedutil using Grub 2: Drive-Trust-Alliance#301 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are several ways to support Secure Boot; one path would be to switch to GRUB2 for the PBA bootloader but that potentially opens up additional "hard to explain/perceived" attack surface and would increase the size/complexity of the PBA image.
What's the best way to support Secure Boot with minimal changes? (See DTA Drive-Trust-Alliance#181 and DTA Drive-Trust-Alliance#301 for previous discussion.) A signed PBA image which could have appropriate keys/certs/trust anchors added to a v2.0 TPM seems the least painful - see DTA Drive-Trust-Alliance#259 for details on that approach.
The text was updated successfully, but these errors were encountered: