[RFC PATCH v3 00/13] Clavis LSM
James Bottomley
James.Bottomley at HansenPartnership.com
Thu Mar 20 22:40:55 UTC 2025
On Thu, 2025-03-20 at 16:24 +0000, Eric Snowberg wrote:
> Having lockdown enforcement has always been
> a requirement to get a shim signed by Microsoft.
This is factually incorrect. Microsoft transferred shim signing to an
independent process run by a group of open source maintainers a while
ago:
https://github.com/rhboot/shim-review/
If you actually look, you'll see even Microsoft has to obey this
upstream process for their Linux distro:
https://github.com/rhboot/shim-review/issues/427
Regards,
James
More information about the Linux-security-module-archive
mailing list