Hello, when secure boot is enabled and a custom platform-key is used, please show the fingerprint of the platform-key in the UEFI interface and on the POST screen. This way a user can really verify, that only their signed EFI executables gets booted/executed. (And nobody tampered the device keys/disk) For the POST screen, it would be nice to pause execution with a specfic key so people have time to verify the hash.
Android smartphones have this feature for several years [0], but I am not talking about a big yellow warning, just the hash as a information. Please keep in mind, that the screenshots are not fully up-to-date, devices show not only the first 8 digits, but the full root of trust hash since a few months. [1] The reference source code is available here: [2] Best and thanks, Simon -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94807): https://edk2.groups.io/g/devel/message/94807 Mute This Topic: https://groups.io/mt/94178620/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
