Re: [PATCH] lockdown: Defer authorization for anything not in allowlist

2024-10-15 Thread Daniel Kiper
On Fri, Oct 11, 2024 at 05:23:04PM +0200, Julian Andres Klode wrote:
> Copy the list of things that do not affect secure boot state from
> the shim_lock verifier to the lockdown verifier, and change the code
> there to defer for anything not in that list, rather than known
> images.
>
> This preven

[PATCH] lockdown: Defer authorization for anything not in allowlist

2024-10-11 Thread Julian Andres Klode
Copy the list of things that do not affect secure boot state from the shim_lock verifier to the lockdown verifier, and change the code there to defer for anything not in that list, rather than known images. This prevents non-shim-lock systems from getting vulnerabilities in newly added or missed "