[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] UEFI Secure Boot Xen 4.9

On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac)
<billjac@xxxxxxxxx> wrote:
> Hi all
> I gather that with 4.9, UEFI secure boot of Xen should be possible.
> Is this true?
> If so, what are the options for utilizing UEFI secure boot? Do I need a
> MSFT-signed shim or grub? Any special changes required for Xen kernel
> (signing?) or has that been done?


I guess in part it depends on what you mean by "utilizing UEFI secure
boot".  If you simply want to boot an unsigned Xen on a UEFI system
with SecureBoot enabled, then grub would probably work.  If you want
to actually do the full SecureBoot thing -- where you have grub check
Xen's signature and that of the kernel and initrd, you probably need a
bit more.


Is there any good documentation on this?  The Xen EFI guide
(https://wiki.xenproject.org/wiki/Xen_EFI) mentions the shim, but
doesn't go into detail about how to sign a binary &c.


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.