[systemd-devel] shim 16 breaking systemd stub and next steps

Ard Biesheuvel ardb at kernel.org
Fri Mar 21 07:53:28 UTC 2025


On Thu, 20 Mar 2025 at 23:36, Luca Boccassi <luca.boccassi at gmail.com> wrote:
...
>
> The shim maintainers have expressed interest in providing a protocol
> that allows us to correctly configure loadimage so that it doesn't
> check the signature and it doesn't measure, which is what we need.
> I'll provide further updates once there is something more concrete.

Are those nested images always covered by an entire PE/COFF section in
the outer image?

If so, we might just add a LoadNestedImageFromSection() method to the
shim loader protocol that only operates on images that have already
been authenticated.

