Re: [RFC PATCH v3 00/13] Clavis LSM

From: Eric Snowberg
Date: Fri Mar 21 2025 - 12:43:50 EST

Next message: André Draszik: "[PATCH 1/2] firmware: exynos-acpm: use ktime APIs for timeout detection"
Previous message: Mike Leach: "Re: [PATCH v3 1/1] coresight: prevent deactivate active config while enabling the config"
In reply to: James Bottomley: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Next in thread: James Bottomley: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Mar 20, 2025, at 4:40 PM, James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, 2025-03-20 at 16:24 +0000, Eric Snowberg wrote:
>> Having lockdown enforcement has always been
>> a requirement to get a shim signed by Microsoft.
>
> This is factually incorrect. Microsoft transferred shim signing to an
> independent process run by a group of open source maintainers a while
> ago:

Yes, the shim-review process is understood. I'm not sure how my sentence
is factually incorrect though. Unless you are saying Microsoft no longer
maintains the private key. Hopefully that is not the case, since the public
key ships on just about every single PC built.

Next message: André Draszik: "[PATCH 1/2] firmware: exynos-acpm: use ktime APIs for timeout detection"
Previous message: Mike Leach: "Re: [PATCH v3 1/1] coresight: prevent deactivate active config while enabling the config"
In reply to: James Bottomley: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Next in thread: James Bottomley: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]