More extensive verification with sbctl verify

Foxboron / sbctl

:computer: :lock: :key: Secure Boot key manager

MIT License

1.35k stars 71 forks source link

More extensive verification with sbctl verify #238

Open Cornelicorn opened 10 months ago

Cornelicorn commented 10 months ago

Currently, sbctl verify only checks if the files were signed with the key present on the machine. It would be nice to have sbctl also check if one of the vendor keys matches and now with having dbx support, if one of the dbx certificates forbids that binary (i.e. actually give the information if the binary will be able to boot or not).

Pankaj-SinghR commented 10 months ago

Hey, @Foxboron can i take this issue?

Foxboron commented 10 months ago

@Pankaj-SinghR There is no "issue taking" here. So if you want to work on this please be my guest.

Pankaj-SinghR commented 10 months ago

@Pankaj-SinghR There is no "issue taking" here. So if you want to work on this please be my guest.

cool, let me look into it.