|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9
On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote: > Hey Tamas, > > Sorry for late reply. I was on vacation. > > On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote: >> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@xxxxxxxxxx> >> wrote: > > [...] > >> > UEFI will verify shim secure boot signature then shim will verify GRUB2 >> > signature then GRUB2 will verify (with shim protocol) Xen signature and >> > finally Xen will verify (with shim protocol) Linux kernel signature. Then >> > your kernel can verify modules using whatever you want. >> > >> >> I would be happy to work to help achieve this. >> > >> > There is a chance that I will have something very raw at the beginning >> > of June. If you wish to do tests drop me a line. >> >> Hi Daniel, >> is there any news on this? I would be interested in giving this a shot too. > > Please look at > > https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html > > and at > > https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html > > Attachments contain the same patches as above but rebased on latest > GRUB2 and Xen git repositories. > > Due to some travel I am going to restart work on this in the second > half of September. > > If you have any questions please drop me a line. > Hi Daniel, thanks for the update, I'll give it a shot today to set it up. In a somewhat related note, are you aware of any work on getting secure boot + UEFI working in a guest? There is a PoC patch on OpenXT (https://github.com/OpenXT/xenclient-oe/pull/729) but was wondering if there are any parallel efforts ongoing. Thanks, Tamas _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |