[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] EFI and multiboot2 devlopment work for Xen
On 22.10.2013 19:12, Andrey Borzenkov wrote: > Ð Mon, 21 Oct 2013 23:16:24 +0200 > Vladimir 'Ï-coder/phcoder' Serbinenko <phcoder@xxxxxxxxx> ÐÐÑÐÑ: > >> GRUB has generic support for signing kernels/modules/whatsoever using >> GnuPG signatures. You'd just have to ship xen.sig and kernel.sig. This >> method doesn't have any controversy associated with EFI stuff but at >> this particular case does exactly the same thing: verify signature. >> multiboot2 is mainly memory structure specification so probably how the >> files are checked is outside of its scope. But it's possible to add >> specification on how to embed signatures in kernel. >> > > I'm a bit skeptical here. Given that > > - EFI secure boot will still be needed to handle Windows > - kernel can be launched directly as EFI application > - there are other bootloaders with secure boot support > > distributions will likely need to carry on EFI secure boot support. At > which point it is not clear what advantages second, parallel, > infrastructure for the sake of single application will bring. > Using PE signatures is possible as I already said which invalidates your points. > The most compelling reason would be allowing module loading (which is > currently disabled by secure boot patches). > Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |