On Thu, 20 Mar 2025 at 23:36, Luca Boccassi <luca.bocca...@gmail.com> wrote: ... > > The shim maintainers have expressed interest in providing a protocol > that allows us to correctly configure loadimage so that it doesn't > check the signature and it doesn't measure, which is what we need. > I'll provide further updates once there is something more concrete.
Are those nested images always covered by an entire PE/COFF section in the outer image? If so, we might just add a LoadNestedImageFromSection() method to the shim loader protocol that only operates on images that have already been authenticated.
