Use small EFI binary instead of nsh scripts
kdevo opened this issue · 0 comments
kdevo commented
Motivation: nsh scripts can't be signed for secure boot, hence they are not tamper-proof.
In order to further minimize the attack surface of running unwanted code, this issue proposes to build a small EFI program that does the simple work of recovery.nsh and nothing more (the snapshots.txt file approach can be left as is).
In this small EFI binary, the kernel command line could be "baked in" in order to only make the snapshot selection available to the user via stdin.
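The following is an added illustration of the proposed design, written for this page; it is not code from the issue, from kdevo, or from the project. It shows the part that matters for the secure-boot argument: the kernel command line is a compile-time constant, the only user input is a snapshot index read from stdin, and names taken from the unsigned snapshots.txt are allow-listed before they are embedded, so neither the console nor that file can smuggle extra kernel parameters into a signed binary. The snapshots.txt format (one snapshot name per line), the placeholder kernel parameters in the template, and all function names are assumptions. It is written as hosted C so it can be compiled and run anywhere; in the real EFI application the stdin/stdout and file reads would go through the UEFI console and simple-file-system protocols instead of the C standard library.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Baked-in kernel command line. ASSUMPTION: the real project's parameters are
 * not given in the issue; these placeholders only show that everything except
 * the snapshot name is fixed at build time and therefore covered by the
 * signature on the EFI binary. */
#define CMDLINE_PREFIX "root=LABEL=rootfs rw rootflags=subvol="
#define CMDLINE_SUFFIX " quiet"

#define MAX_SNAPSHOTS 64
#define MAX_NAME 128

/* Allow-list for snapshot names read from the unsigned snapshots.txt.
 * Whitespace, quotes and control characters are rejected so that a name can
 * never be parsed by the kernel as additional parameters. */
static int snapshot_name_ok(const char *name) {
    if (*name == '\0') return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (!(isalnum(*p) || *p == '.' || *p == '_' || *p == '-' || *p == '/'))
            return 0;
    }
    return 1;
}

/* Parse a snapshots.txt buffer (assumed format: one name per line, LF or CRLF)
 * into names[]. Blank lines are skipped. Returns the number of names, or -1 if
 * a name fails the allow-list, is too long, or there are too many entries. */
static int parse_snapshots(const char *text, char names[][MAX_NAME], int max) {
    int n = 0;
    const char *line = text;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        if (len && line[len - 1] == '\r') len--;
        if (len > 0) {
            if (n >= max || len >= MAX_NAME) return -1;
            memcpy(names[n], line, len);
            names[n][len] = '\0';
            if (!snapshot_name_ok(names[n])) return -1;
            n++;
        }
        if (!end) break;
        line = end + 1;
    }
    return n;
}

/* Turn one console line into a snapshot index. Only a bare decimal number in
 * range is accepted; anything following it (e.g. "1 init=/bin/sh") is an error,
 * so the console cannot be used to append kernel parameters. */
static int parse_selection(const char *line, int count) {
    char *end;
    long v;
    if (!isdigit((unsigned char)line[0])) return -1;
    v = strtol(line, &end, 10);
    while (*end == '\n' || *end == '\r') end++;
    if (*end != '\0') return -1;
    if (v < 0 || v >= count) return -1;
    return (int)v;
}

/* Compose the final command line from the baked-in template and the chosen
 * snapshot. Returns 0 on success, -1 on an out-of-range index or a full buffer. */
static int build_cmdline(char names[][MAX_NAME], int count, int selection,
                         char *out, size_t outlen) {
    if (selection < 0 || selection >= count) return -1;
    int w = snprintf(out, outlen, "%s%s%s", CMDLINE_PREFIX, names[selection], CMDLINE_SUFFIX);
    if (w < 0 || (size_t)w >= outlen) return -1;
    return 0;
}

int main(void) {
    /* Constructed sample standing in for the contents of snapshots.txt. */
    const char *snapshots_txt = "snap-2024-01-01\nsnap-2024-02-01\n";
    char names[MAX_SNAPSHOTS][MAX_NAME];
    char line[64], cmdline[256];

    int count = parse_snapshots(snapshots_txt, names, MAX_SNAPSHOTS);
    if (count < 0) { fprintf(stderr, "snapshots.txt rejected\n"); return 1; }
    for (int i = 0; i < count; i++) printf("[%d] %s\n", i, names[i]);
    printf("Select snapshot: ");
    if (!fgets(line, sizeof line, stdin)) return 1;

    int sel = parse_selection(line, count);
    if (sel < 0 || build_cmdline(names, count, sel, cmdline, sizeof cmdline) != 0) {
        fprintf(stderr, "invalid selection\n");
        return 1;
    }
    /* A real EFI app would hand this to the kernel image's LoadOptions. */
    printf("kernel command line: %s\n", cmdline);
    return 0;
}
```

The two validation points are the ones worth keeping when this is ported to a real UEFI application: `parse_selection` is what keeps the user from typing anything other than an index, and `snapshot_name_ok` is what keeps the unsigned snapshots.txt from becoming the new nsh-style injection point.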