I would value observing the execution of securing UEFI for Linux and Windows according to the recently release NSA's "UEFI Secure Boot Customization" guide.
During the "Lessons from the Dark Web," in which Don Pezet builds an onion router, he invited us to suggest topics, and here I am. I would greatly value to observe the execution of the NSA's recommendation in securing the booting of our systems.
I am wondering if the singing of bootloaders and drives can be done from the UEFI interface, before the OS is loaded. Perhaps there is a CLI we can access before the OS? I have questions like these.
The NSA's announcement of the guide can be found here: https://www.nsa.gov/news-features/press-room/Article/2347822/nsa-releases-cybersecurity-technical-report-on-uefi-secure-boot-customization/
And the PDF guide, can be found here: https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF