[Suggestion] Use AuditMode to check OPROM sig/hash validity. #465

@schichtnudelauflauf

I just tested the new AuditMode and am using this issue to post collected links on where to find and how to parse the Image Execution Table, which helps verify the boot chain without actually locking.

If nobody else does and I find the leisure to implement it, I will post a patch to sbctl.

From a chat:

You: https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html#using-the-image-execution-information-table

EFI variable GUID d719b2cb-3d3a-4596-a3bc-dad00e67656f

https://github.com/m132/image-exec-info

You: https://openvmm.dev/rustdoc/windows/src/uefi_specs/uefi/nvram.rs.html#192-193

You: https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html#using-the-image-execution-information-table

EFI variable GUID d719b2cb-3d3a-4596-a3bc-dad00e67656f

https://github.com/m132/image-exec-info

The lower link there shows roughly how the structs are parsed out of it when it's binary and not a string.
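
Added example, not part of the original issue and not sbctl code: a minimal Go decoder for the binary `EFI_IMAGE_EXECUTION_INFO_TABLE` layout given in the UEFI spec section linked above. The names `ParseTable`, `Entry` and `sample` are hypothetical; it assumes 64-bit firmware (8-byte `UINTN`) and that the raw table bytes have already been obtained, and it leaves the device path and signature list undecoded.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"unicode/utf16"
)

// Low three bits of Action (mask 0x7); values 6 and 7 are not defined by the spec.
var actions = [8]string{"AUTH_UNTESTED", "AUTH_SIG_FAILED", "AUTH_SIG_PASSED",
	"AUTH_SIG_NOT_FOUND", "AUTH_SIG_FOUND", "POLICY_FAILED", "UNDEFINED_6", "UNDEFINED_7"}

type Entry struct {
	Action      string
	Initialized bool   // EFI_IMAGE_EXECUTION_INITIALIZED, bit 0x8 of Action
	Name        string // optional image name, may be empty
	Rest        []byte // device path + EFI_SIGNATURE_LIST, not decoded here
}

// ParseTable decodes a raw EFI_IMAGE_EXECUTION_INFO_TABLE (assumes 8-byte UINTN, little endian).
func ParseTable(b []byte) (out []Entry, err error) {
	le := binary.LittleEndian
	if len(b) < 8 {
		return nil, fmt.Errorf("table shorter than NumberOfImages")
	}
	n, b := le.Uint64(b), b[8:]
	for i := uint64(0); i < n; i++ {
		// InfoSize covers the whole entry, including the 8-byte Action/InfoSize header.
		if len(b) < 8 || le.Uint32(b[4:]) < 8 || uint64(le.Uint32(b[4:])) > uint64(len(b)) {
			return nil, fmt.Errorf("entry %d: truncated or bad InfoSize", i)
		}
		action, body := le.Uint32(b), b[8:le.Uint32(b[4:])]
		name, k := []uint16(nil), 0 // k: byte offset of the CHAR16 NUL ending Name
		for ; k+1 < len(body) && le.Uint16(body[k:]) != 0; k += 2 {
			name = append(name, le.Uint16(body[k:]))
		}
		if k+1 >= len(body) {
			return nil, fmt.Errorf("entry %d: unterminated Name", i)
		}
		out = append(out, Entry{actions[action&7], action&8 != 0,
			string(utf16.Decode(name)), body[k+2:]})
		b = b[8+len(body):]
	}
	return out, nil
}

// Constructed sample: one entry, Action 0x1, Name "a.efi", end-of-device-path node only.
var sample = []byte{1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 24, 0, 0, 0,
	'a', 0, '.', 0, 'e', 0, 'f', 0, 'i', 0, 0, 0, 0x7f, 0xff, 4, 0}

func main() { fmt.Println(ParseTable(sample)) }
```
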
