plugins: splash: two-step: Secure boot check and a warning image (!176) · Merge requests · plymouth / plymouth

Kate Hsuan requested to merge smallorange/plymouth:kate/WIP/secureboot-check into main Jun 14, 2022

Secure boot is used against several security threats when malware tries to infect the firmware of the system. Users may inadvertently disable or software may intentionally disable the secure boot. Consequently, the system is running on an insecure platform with incorrect configuration. If Plymouth could offer a warning to the user, the user could reboot and reconfigure their system or asks for help immediately.

This work can be used to check the secure boot configuration and put a red warning image on the screen if the secure boot is disabled. Also, this check can be utterly disabled through the kernel parameter for testing. If the parameter "sb-check=false" appears in the kernel parameter, the secure boot check will be disabled.

Signed-off-by: Kate Hsuan hpa@redhat.com

plugins: splash: two-step: Secure boot check and a warning image

Merge request reports