[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 4.3 development update, and stock-taking

>>> On 17.01.13 at 17:43, George Dunlap <george.dunlap@xxxxxxxxxxxxx> wrote:
> On 17/01/13 16:14, Jan Beulich wrote:
>>>>> On 17.01.13 at 16:48, George Dunlap <george.dunlap@xxxxxxxxxxxxx> wrote:
>>> * Ubuntu plans on having the shim always load a bootloader (with a more
>>> full-featured menu which is under Ubuntu's control, as opposed to the
>>> EFI menu, which will be different for each platform)
>>> * The bootloader will load either signed or unsigned kernel images
>>> * Ubuntu will still be signing their kernel images, however, because:
>>> * The bootloader will turn off boot services for unsigned images, but
>>> will leave boot services on for signed images, so that
>> Again - Linux expects to be turning off boot services itself. So
>> there's no question of the boot loader doing so.
>> There are certain other restrictions to what a not securely boot
>> can do, of course.
> How does this in any way disagree with the sentence to which you're 
> responding?
> Case 1: Signed linux image.  Linux expects to turn boot services off -> 
> bootloader doesn't.
> Case 2: Unsigned linux image.  "Certain other restrictions" -> 
> bootloader turns boot services off.
> They seem 100% compatible.

In a way they are - xen.efi acts as the boot loader in the Xen


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.