I'm worried about the "disables the Shell only in SecureBoot and non-Setup mode" approach.
What are the "known mechanisms" to use the Shell to bypass Secure Boot?
Would any of these mechanisms persist through the following process?
- attacker reboots system and enters "bios" setup
- attacker disables secure boot
- attacker boots into Shell
- attacker fiddles the knobs
- attacker reboots system and and enters "bios" setup
- attacker enables secure boot
- attacker bypasses Secure Boot due to the knob fiddling
I'm worried about the "disables the Shell only in SecureBoot and non-Setup mode" approach.
What are the "known mechanisms" to use the Shell to bypass Secure Boot?
Would any of these mechanisms persist through the following process?
- attacker reboots system and enters "bios" setup
- attacker disables secure boot
- attacker boots into Shell
- attacker fiddles the knobs
- attacker reboots system and and enters "bios" setup
- attacker enables secure boot
- attacker bypasses Secure Boot due to the knob fiddling
Thanks