Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-115476

Create a tool to select different first stage bootloaders based on enrolled certificates

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • rhel-8.10, rhel-9.6, rhel-10.0
    • efivar
    • None
    • No
    • Important
    • 2
    • rhel-bootloader
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Bootloader Sprint 2025.2, Bootloader Sprint 2025.3
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64, aarch64
    • None

      What were you trying to do that didn't work?

      What is the impact of this issue to you?

       
      To deal with multiple certificates optionally enrolled on a system, including the Microsoft UEFI 2011 and Microsoft UEFI 2023 certs as well as future PQC roots of trust, we need to be able to select which shim to install during installation and upgrades.

      To do that, we need a tool that can evaluate the enrolled roots of trust and select bootloaders based on their signatures.

      Please provide the package NVR for which the bug is seen:

      How reproducible is this bug?:

      Steps to reproduce

      1.  
      2.  
      3.  

      Expected results

      Actual results

              pjones Peter Jones
              pjones Peter Jones
              bootloader -eng-team bootloader -eng-team
              Release Test Team Release Test Team
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: