memtest86plus/boot/sbat.csv
Peter Jones 04980dfda3 EFI: Add support for .sbat signature revocations
This patch adds a new section, ".sbat", which allows for the revocation
of signed binaries given a numeric value representing the set of bugs
which allow for arbitrary code execution, and therefore a Secure Boot
breakout, in a given family of binaries.

In this case, the class is defined as "memtest86+", and the current set
of bugs is 1.  This doesn't imply that we're aware of bugs currently,
merely that when we change it to 2, any bugs that /have/ been discovered
have been fixed.

Documentation for how SBAT works can be found at the following URLs:

  https://github.com/rhboot/shim/blob/main/SBAT.md
  https://github.com/rhboot/shim/blob/main/SBAT.example.md

Signed-off-by: Peter Jones <pjones@redhat.com>
2023-01-03 00:58:52 +01:00

3 lines
137 B
Plaintext

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
memtest86+,1,Memtest86+,6.0,https://github.com/memtest86plus