On Thu, 27 Jun 2019, Matthew Garrett wrote: > By that metric, on a secure boot system how do we determine that code > running in the firmware environment wasn't compromised before it > launched the initial signed kernel? Remote attestation tied to a hardware root of trust, before allowing access to any further resources. -- James Morris <jmorris@xxxxxxxxx>