On Tue, Dec 06, 2022 at 11:09:57AM -0500, Robbie Harwood wrote:
>Zhang Boyang <zhangboyang...@gmail.com> writes:
>
>> Since font files can be wrapped as PE images by grub-wrap, use shim to
>> verify font files if Secure Boot is enabled. To prevent other PE files
>> (e.g. kernel images) from being used as wrappers, it only allows files
>> marked as Windows GUI to be used as wrappers.
>
>Thanks for writing this; it's helpful to have something concrete to look
>at.

Definitely!

>This approach is very font-focused, and while I understand that given
>the discussion, I do still wonder if it wouldn't be better to make fonts
>an instance of modules.  If fonts become instances of modules, and
>modules are wrapped into PE files, that not only seems cleaner but also
>gives us signed module support without baking those into the image.
>
>What do you think?

Nod, that probably makes more sense if we want to go this way. I'm not
sure we do personally, but...

-- 
Steve McIntyre, Cambridge, UK.                                st...@einval.com
Dance like no one's watching. Encrypt like everyone is.
 - @torproject


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
