Hi,
> Does that mean that the Linux EFI boot code knows how to call back to
> shim to get the certificates instead of reading the firmware directly?
No. The linux efi stub doesn't need that.
shim.efi does:
(a) Set efi variables, where the linux kernel can read the
certificates from. This works the same way for both traditional
kernels and UKIs.
(b) provide an efi protocol for bootloaders, which can be called by grub
and systemd-boot to verify the signature for binaries they load
(typically the linux kernel, but could also be fwupd.efi).
take care,
Gerd
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
