Commit Graph

1 Commits

Author: Peter Jones
SHA1: 04980dfda3

EFI: Add support for .sbat signature revocations

This patch adds a new section, ".sbat", which allows for the revocation
of signed binaries given a numeric value representing the set of bugs
which allow for arbitrary code execution, and therefore a Secure Boot
breakout, in a given family of binaries.

In this case, the class is defined as "memtest86+", and the current set
of bugs is 1.  This doesn't imply that we're aware of bugs currently,
merely that when we change it to 2, any bugs that /have/ been discovered
have been fixed.

Documentation for how SBAT works can be found at the following URLs:

  https://github.com/rhboot/shim/blob/main/SBAT.md
  https://github.com/rhboot/shim/blob/main/SBAT.example.md

Signed-off-by: Peter Jones <pjones@redhat.com>
Date: 2023-01-03 00:58:52 +01:00
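
The generation comparison the commit message describes, as an added example that is not code from this commit or from the memtest86+ project. It assumes the CSV field layout documented in shim's SBAT.md; the vendor fields, the revocation lists and the function names are constructed for illustration.

```python
import csv
import io

# Constructed .sbat contents. Line 1 is the format header described in shim's
# SBAT.md; the vendor, version and URL fields on line 2 are placeholders.
SAMPLE_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "memtest86+,1,Example Vendor,memtest86+,0.0-placeholder,https://example.invalid/\n"
    "\x00\x00\x00\x00"  # section padding
)

def parse_generations(text):
    """Map component name -> generation from SBAT-style CSV text.

    Works for both a binary's .sbat section and a revocation list, since
    both put the component name in field 1 and its generation in field 2.
    """
    generations = {}
    for row in csv.reader(io.StringIO(text.rstrip("\x00"))):
        if not any(field.strip() for field in row):
            continue  # blank line
        if len(row) < 2 or not row[1].strip().isdecimal():
            raise ValueError(f"malformed SBAT entry: {row!r}")
        generations[row[0].strip()] = int(row[1].strip())
    return generations

def revoked_components(binary_sbat, revocation_list):
    """Return (name, binary_generation, minimum_generation) for each
    component whose generation is below the revocation list's minimum."""
    have = parse_generations(binary_sbat)
    need = parse_generations(revocation_list)
    return [(name, gen, need[name])
            for name, gen in have.items()
            if name in need and gen < need[name]]

if __name__ == "__main__":
    # Constructed revocation lists: one at generation 1, one bumped to 2.
    for revocations in ("sbat,1,2023010100\nmemtest86+,1\n",
                        "sbat,1,2023010100\nmemtest86+,2\n"):
        bad = revoked_components(SAMPLE_SBAT, revocations)
        print("rejected:" if bad else "allowed", bad)
```

A binary carrying `memtest86+,1` passes while the revocation list's minimum is 1 and is rejected once the minimum is raised to 2, which is the bump the commit message refers to.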