Re: [RFC PATCH v3 00/13] Clavis LSM

From: James Bottomley
Date: Thu Mar 20 2025 - 18:41:10 EST


On Thu, 2025-03-20 at 16:24 +0000, Eric Snowberg wrote:
> Having lockdown enforcement has always been
> a requirement to get a shim signed by Microsoft.

This is factually incorrect. Microsoft transferred shim signing to an
independent process run by a group of open source maintainers a while
ago:

https://github.com/rhboot/shim-review/

If you actually look, you'll see even Microsoft has to obey this
upstream process for their Linux distro:

https://github.com/rhboot/shim-review/issues/427

Regards,

James