Comment 8 for bug 1890672

Dimitri John Ledkov (xnox) wrote:

Shim provides a lot more than just a chain of trust. It is also the protocol to perform TPM2 measurements, for local and remote attestation.

For ultimate security, whilst using a custom chain of trust, one must use shim and ensure that the vendor certificate is excluded from trust, either via dbx or mokx. When it is desired to skip signature validation, there is the ability to request that shim disable validation, but that requires a reboot and access to MokManager, such that TPM measurements are affected. This prevents installing rootkits or accessing TPM-sealed secrets unauthorized (prefix attacks).

Not using shim results in insecure systems susceptible to BootHole and TPM measurement prefix attacks.

It seems that you are asking us to lower our security standards for our bootloader. If the stock Ubuntu bootloader is too secure for your insecure use cases, please build your own grub images. By policy we will no longer sign grub bootloaders that allow bypass of validation without affecting TPM measurements.
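The comment above turns on one property of TPM PCRs: an extend is one-way and order-dependent, so a loader that measures its own "validation disabled" state before handing off, as shim does, cannot produce the PCR value a secret was sealed against. The following is an added illustration, not code from the bug thread, from shim or from Ubuntu; it models PCR extend with SHA-256 (the real TPM2 rule, new = H(old || H(event))) and uses a constructed event log and a toy seal/unseal policy in place of real TPM2 policy sessions. Event strings such as `b"MokSBState=1 (validation disabled)"` are hypothetical labels, not the actual TCG event-log format.

```python
import hashlib

# A SHA-256 PCR bank starts at all zeros at power-on.
PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM2 extend semantics: PCR_new = H(PCR_old || H(event)).

    The result is irreversible and depends on the order of every event
    extended so far, which is what makes a measured boot log trustworthy.
    """
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def boot_measure(events) -> bytes:
    """Replay a constructed event log and return the final PCR value."""
    pcr = PCR_INIT
    for event in events:
        pcr = pcr_extend(pcr, event)
    return pcr


# Constructed event log for an honest shim boot (hypothetical labels):
# Secure Boot state, the certificate used, and the next stage it verified.
TRUSTED_BOOT = [
    b"SecureBoot=1",
    b"db:vendor-cert",
    b"shim:verified-grub",
]

# Constructed log where shim was asked to disable validation via MokManager.
# Shim records that state change before loading the next stage, so the
# PCR diverges from the trusted value even though the same grub is loaded.
VALIDATION_DISABLED_BOOT = [
    b"SecureBoot=1",
    b"db:vendor-cert",
    b"MokSBState=1 (validation disabled)",
    b"shim:unverified-grub",
]

# A "prefix" scenario: replay only the trusted events that precede the
# next-stage measurement and then jump to unmeasured code. Because the
# trusted PCR already includes the next-stage event, this value differs too.
PREFIX_ONLY_BOOT = TRUSTED_BOOT[:2]


def seal(secret: bytes, policy_pcr: bytes) -> dict:
    """Toy model of sealing a secret to a PCR policy (not real TPM2 sealing).

    The blob carries the PCR value the secret is bound to; a real TPM binds
    the policy digest inside the chip and never releases the secret otherwise.
    """
    return {"policy_pcr": policy_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the current PCR matches the sealed policy."""
    if blob["policy_pcr"] == current_pcr:
        return blob["secret"]
    return None


def demo():
    """Return which boot paths can recover the sealed secret (constructed case)."""
    secret = b"disk-encryption-key (constructed)"
    blob = seal(secret, boot_measure(TRUSTED_BOOT))
    return {
        "trusted": unseal(blob, boot_measure(TRUSTED_BOOT)) is not None,
        "validation_disabled": unseal(blob, boot_measure(VALIDATION_DISABLED_BOOT)) is not None,
        "prefix_only": unseal(blob, boot_measure(PREFIX_ONLY_BOOT)) is not None,
    }


if __name__ == "__main__":
    for path, ok in demo().items():
        print(f"{path:22s} unseal: {'yes' if ok else 'no'}")
```

Only the fully trusted, fully measured path reproduces the sealed PCR. This is why the comment insists that any "skip validation" switch must itself be measured: a loader that could skip validation without touching PCRs would hand unsealed secrets to whatever it loads next.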