[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9



Hey Tamas,

Sorry for late reply. I was on vacation.

On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote:

[...]

> > UEFI will verify shim secure boot signature then shim will verify GRUB2
> > signature then GRUB2 will verify (with shim protocol) Xen signature and
> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
> > your kernel can verify modules using whatever you want.
> >
> >> I would be happy to work to help achieve this.
> >
> > There is a chance that I will have something very raw at the beginning
> > of June. If you wish to do tests drop me a line.
>
> Hi Daniel,
> is there any news on this? I would be interested in giving this a shot too.

Please look at

  https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html

and at

  https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html

Attachments contain the same patches as above but rebased on latest
GRUB2 and Xen git repositories.

Due to some travel I am going to restart work on this in the second
half of September.

If you have any questions please drop me a line.

Daniel

Attachment: 0001-efi-Add-EFI-shim-lock-verifier.patch
Description: Text Data

Attachment: xen_mb2_efi_sb_rfc_rebase_20170829.tgz
Description: application/gtar-compressed

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.