Hooloovoo, kernel{, }hacker. Building better worlds. Opinions are messages from space. Facts approximate. Photos are square. he/they. 0.9x eng 🚴 :mbta: Ban cars.
Hooloovoo, kernel{, }hacker. Building better worlds. Opinions are messages from space. Facts approximate. Photos are square. he/they. 0.9x eng 🚴 :mbta: Ban cars.
If you have anything to do with Secure Boot on a linux distro, I've written a tool to help with the upcoming UEFI CA expiry and transition to the 2023 certificates, and I could use feedback. Here's my draft PR: https://github.com/rhboot/efivar/pull/294 . (Yes, putting it in efivar is somewhat arbitrary, but all the other options are about the same.)
The idea here is that a distro will provide several of the same shim binary in their packaging, i.e. shimx64.msft2011.efi, shimx64.msft2023.efi, shimx64.msft2011.msft2023.efi, and it'll sort them by how appropriate they are for the current system (or test databases provided on the command line), so then the OS packaging or installer can determine what to actually install as the bootloader.
General feedback here is fine, but if you have concrete suggestions on ways to improve that PR, feel free to leave feedback there as well.
