
Re: [Xen-devel] Xen.efi and secure boot



On Fri, Nov 30, 2012 at 10:27 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:

> So I learned a little more meanwhile - it's not that trivial: I'm told
> the shim uses UEFI services to do the verification, and those
> services only handle PE images. But we obviously can't reasonably
> expect the Dom0 kernel to be packaged as PE image, as that
> would then be unusable as DomU kernel (on older hosts at least,
> i.e. even if we added a PE loader to libxc).

But what does the shim use to check the signature of Xen in this case?  Does Xen / native Linux need to be a PE image to boot from the shim?  If not, wouldn't the native PE image suffice?  And if so, why can't the shim check signatures the same way it checks the sig for the thing it's booting?

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

