undefined | Better HN

0 pointsmjg594y ago0 comments

Are you planning to ship systems that don't have Boot Guard enforcement enabled? I've done a couple of Coreboot ports (I'm typing from a laptop that's running my build) and the Framework is an extremely interesting target, but if Boot Guard is turned on then that becomes pretty difficult.

0 comments

nrp4y ago

We haven't finalized our plans around this, but one path we have explored is a signed shim loader.

mjg59OP4y ago

Ah, so a signed firmware bootblock that runs something user signed? I wrote the original version of the boot Shim that Linux distros use for bridging from the Microsoft root of trust to the distro one, so let me know if there's any way I can help out here.

nrp4y ago

Yep! It's great to hear that, and I would definitely be interested in chatting. I've DMed you on twitter.

j / k navigate · click thread line to collapse

0 pointsmjg594y ago0 comments

0 comments

nrp4y ago

We haven't finalized our plans around this, but one path we have explored is a signed shim loader.

mjg59OP4y ago

nrp4y ago

Yep! It's great to hear that, and I would definitely be interested in chatting. I've DMed you on twitter.

j / k navigate · click thread line to collapse