Open Cornelicorn opened 10 months ago
Hey, @Foxboron can i take this issue?
@Pankaj-SinghR There is no "issue taking" here. So if you want to work on this please be my guest.
@Pankaj-SinghR There is no "issue taking" here. So if you want to work on this please be my guest.
cool, let me look into it.
Currently, sbctl verify only checks if the files were signed with the key present on the machine. It would be nice to have sbctl also check if one of the vendor keys matches and now with having
dbx
support, if one of thedbx
certificates forbids that binary (i.e. actually give the information if the binary will be able to boot or not).