still a few glitches in the system... [LWN.net]

still a few glitches in the system...

Posted Nov 21, 2012 15:26 UTC (Wed) by jake (editor, #205)
In reply to: still a few glitches in the system... by redden0t8
Parent article: Bottomley: Adventures in Microsoft UEFI Signing

> You can't blacklist the shim, only the key it was signed with.

As I understand it, you *can* blacklist the shim. The blacklist can either have keys *or* hashes. Put the hash of the shim in the blacklist and MS can still use their key, but that shim no longer boots.

jake