I haven’t researched how much of a security theater this secure boot design is but it relies on a dynamic root of trust vs a static one. his might be interesting in our area of verified boot implementation though so far I can’t see something on baremetal that comes close to Patrick’s design of using an iso as a verified boot measurement stub.
1 Like