[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen.efi and secure boot
>>> On 26.11.12 at 18:57, George Dunlap <dunlapg@xxxxxxxxx> wrote: > So while doing a bit of investigation into a request that we have > instructions for how to sign a Xen binary, I came across a related pair of > questions. If we boot from a signed Xen binary, then: > 1. Will Xen then successfully boot a signed dom0 kernel / initrd? > 2. Will Xen fail to boot an unsigned dom0 kernel / initrd? > > I think if Xen is signed, then ideally we want both 1 and 2 to be true, > right? Does UEFI provide a way to check the signature of files? Does it > happen automatically, or would we need to add extra support? Or would we > need to embed a public key within the Xen binary and have Xen check the > signatures of files that it reads? I don't have any answers to these questions yet; as we need to do this for our upcoming SLE11 SP3, I'm expecting our EFI and/or kernel folks to come forward with an outline of what needs to be done (and ideally with an implementation in the boot loader) that I could then just clone for the Xen code. I had expected that to happen already, but it's apparently not making enough progress (or the progress is not visible to me). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |