[efi-boot-shim.git] / TODO

- Versioned protocol:
  - Make shim and the bootloaders using it express how enlightened they
    are to one another, so we can stop earlier without tricks
  - Make EFI_LOADED_IMAGE_2 protocol and a LOAD_IMAGE protocol with
    LoadImage/CheckImage/StartImage.
- Implement EFI_CERT_X509_SHA{256,384,512} revocation checks
  - It doesn't necessarily have to include timestamp checking support
- Make the openssl code supply the Pkcs7Verify() API, and use the system
  one (instead) if it is available.
  - And make building it optional
- Get meb30's multiple-certs patch merged
- Hashing of option roms:
  - hash option roms and add them to MokListRT
  - probably belongs in MokManager
  - And some PCR?
- Ability to specify second stage as a device path
  - including vendor path that means "parent of this image's path"
  - including vendor path that means "this image"
  - including path that's like Fv() to embed images.
- Make all build options be able to be set in 'git config --local shim.OPTION'
  - Make the build dump those to stdout as well
- make debuginfo paths configurable
- make arch dependent names configurable
- Make it easier to avoid CryptPem
- Post process full path names out of __FILE__ / __BASE_FILE__ entries in
  the string table :/
- Reproducible builds:
  - Make build.log an artifact of building.
  - KEK for Mok.  (koike expressed an interest in working on this.)
  - Reorder builds to take hashes of mm, fb and insert those in shim
    instead of ephemeral certs
  - Make an easy strip+implant tool for our embedded cert lists
- Detection of fallback.efi boot loops
  - Some tablet devices seem to always boot the fallback path, ignoring
    boot variables, so we need to detect that.
  - fallback creates 2 variables, one volatile, one nonvolatile
  - if shim sees the nonvolatile variable but not the volatile one, it has
    been booted correctly after fallback has run, so it should remove the
    nonvolatile variable.
  - if fallback sees the nonvolatile variable, it is in a fallback boot
    loop, and should launch the next stage instead of rebooting.
  - This means the TPM extend chain on machines with broken BDS always
    looks like: shim -> fallback -> shim -> grub2 -> kernel, *except* on
    boots from removable media (i.e. install media without fallback),
    where it looks like shim -> grub2 -> kernel /once/.

# vim:filetype=mail:tw=74
Commit	Line	Data
eadb00b4 PJ	1	- Versioned protocol:
eadb00b4 PJ	2	- Make shim and the bootloaders using it express how enlightened they
91229b77 PJ	3	are to one another, so we can stop earlier without tricks
	4	- Make EFI_LOADED_IMAGE_2 protocol and a LOAD_IMAGE protocol with
	5	LoadImage/CheckImage/StartImage.
ccf9e0ef PJ	6	- Implement EFI_CERT_X509_SHA{256,384,512} revocation checks
ccf9e0ef PJ	7	- It doesn't necessarily have to include timestamp checking support
91229b77 PJ	8	- Make the openssl code supply the Pkcs7Verify() API, and use the system
	9	one (instead) if it is available.
	10	- And make building it optional
	11	- Get meb30's multiple-certs patch merged
eadb00b4 PJ	12	- Hashing of option roms:
	13	- hash option roms and add them to MokListRT
	14	- probably belongs in MokManager
91229b77	15	- And some PCR?
eadb00b4 PJ	16	- Ability to specify second stage as a device path
	17	- including vendor path that means "parent of this image's path"
	18	- including vendor path that means "this image"
	19	- including path that's like Fv() to embed images.
c5805d53	20	- Make all build options be able to be set in 'git config --local shim.OPTION'
5cd4ec44	21	- Make the build dump those to stdout as well
c5805d53 PJ	22	- make debuginfo paths configurable
	23	- make arch dependent names configurable
	24	- Make it easier to avoid CryptPem
0024dc9e PJ	25	- Post process full path names out of __FILE__ / __BASE_FILE__ entries in
0024dc9e PJ	26	the string table :/
545b4a19 MTL	27	- Reproducible builds:
	28	- Make build.log an artifact of building.
	29	- KEK for Mok. (koike expressed an interest in working on this.)
	30	- Reorder builds to take hashes of mm, fb and insert those in shim
	31	instead of ephemeral certs
	32	- Make an easy strip+implant tool for our embedded cert lists
d211ab24 PJ	33	- Detection of fallback.efi boot loops
	34	- Some tablet devices seem to always boot the fallback path, ignoring
	35	boot variables, so we need to detect that.
	36	- fallback creates 2 variables, one volatile, one nonvolatile
	37	- if shim sees the nonvolatile variable but not the volatile one, it has
	38	been booted correctly after fallback has run, so it should remove the
	39	nonvolatile variable.
	40	- if fallback sees the nonvolatile variable, it is in a fallback boot
	41	loop, and should launch the next stage instead of rebooting.
	42	- This means the TPM extend chain on machines with broken BDS always
	43	looks like: shim -> fallback -> shim -> grub2 -> kernel, except on
	44	boots from removable media (i.e. install media without fallback),
	45	where it looks like shim -> grub2 -> kernel /once/.
eadb00b4 PJ	46
eadb00b4 PJ	47	# vim:filetype=mail:tw=74