Re: [RFC PATCH v3 00/13] Clavis LSM
From: James Bottomley
Date: Thu Mar 20 2025 - 18:41:10 EST
On Thu, 2025-03-20 at 16:24 +0000, Eric Snowberg wrote:
> Having lockdown enforcement has always been
> a requirement to get a shim signed by Microsoft.
This is factually incorrect. Microsoft transferred shim signing to an
independent process run by a group of open source maintainers a while
ago:
https://github.com/rhboot/shim-review/
If you actually look, you'll see even Microsoft has to obey this
upstream process for their Linux distro:
https://github.com/rhboot/shim-review/issues/427
Regards,
James