[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] UEFI Secure Boot Xen 4.9

To: "Bill Jacobs (billjac)" <billjac@xxxxxxxxx>
From: George Dunlap <george.dunlap@xxxxxxxxxx>
Date: Mon, 15 May 2017 10:42:23 +0100
Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>, Daniel Kiper <daniel.kiper@xxxxxxxxxx>
Delivery-date: Mon, 15 May 2017 09:43:37 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac)
<billjac@xxxxxxxxx> wrote:
> Hi all
>
> I gather that with 4.9, UEFI secure boot of Xen should be possible.
>
> Is this true?
>
> If so, what are the options for utilizing UEFI secure boot? Do I need a
> MSFT-signed shim or grub? Any special changes required for Xen kernel
> (signing?) or has that been done?

Bill,

I guess in part it depends on what you mean by "utilizing UEFI secure
boot".  If you simply want to boot an unsigned Xen on a UEFI system
with SecureBoot enabled, then grub would probably work.  If you want
to actually do the full SecureBoot thing -- where you have grub check
Xen's signature and that of the kernel and initrd, you probably need a
bit more.

Daniel,

Is there any good documentation on this?  The Xen EFI guide
(https://wiki.xenproject.org/wiki/Xen_EFI) mentions the shim, but
doesn't go into detail about how to sign a binary &c.

 -George

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
https://lists.xen.org/xen-users

Follow-Ups:
- Re: [Xen-users] UEFI Secure Boot Xen 4.9
  - From: Daniel Kiper

References:
- [Xen-users] UEFI Secure Boot Xen 4.9
  - From: Bill Jacobs (billjac)

Prev by Date: Re: [Xen-users] shared RMRR issue
Next by Date: [Xen-users] 答复: Intel VT-x for HVM
Previous by thread: [Xen-users] UEFI Secure Boot Xen 4.9
Next by thread: Re: [Xen-users] UEFI Secure Boot Xen 4.9
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.