Back to Blog
Bitraser reviews6/5/2023 ![]() If the shim binaries can't be reproduced using the provided Dockerfile, please explain why that's the case and the differences would be. At the very least include the specific versions of gcc, binutils, and gnu-efi which were used, and where to find those binaries. We're going to try to reproduce your build as close as possible to verify that it's really a build of the source tree you tell us it is, so these need to be fairly thorough. What OS and toolchain must we use to reproduce this build? Include where to find it, etc. If you are changing to a new (CA) certificate, this does not In order to prevent GRUB2 from being able to chainload those older GRUB2īinaries. To add the hashes of the previous GRUB2 binaries to vendor_dbx in shim If you are re-using a previously used (CA) certificate, you will need Please provide exact binaries for which hashes are created via file sharing service,Īvailable in public with anonymous access for verification Hashes please briefly describe your certificate setup. If you use vendor_db functionality of providing multiple certificates and/or Is "ACPI: configfs: Disallow loading ACPI tables when locked down" "efi: Restrict efivar_ssdt_load when the kernel is locked down" If your boot chain of trust includes linux kernel, is were old shims hashes provided to Microsoft for verification.( July 2020 grub2 CVE list + March 2021 grub2 CVE list ) ![]()
0 Comments
Read More
Leave a Reply. |