[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen.efi and secure boot

So while doing a bit of investigation into a request that we have instructions for how to sign a Xen binary, I came across a related pair of questions.  If we boot from a signed Xen binary, then:
1. Will Xen then successfully boot a signed dom0 kernel / initrd?
2. Will Xen fail to boot an unsigned dom0 kernel / initrd?

I think if Xen is signed, then ideally we want both 1 and 2 to be true, right?  Does UEFI provide a way to check the signature of files?  Does it happen automatically, or would we need to add extra support?  Or would we need to embed a public key within the Xen binary and have Xen check the signatures of files that it reads?

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.