'Re: [Xen-users] [Xen-devel] UEFI Secure Boot Xen 4.9'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xen-users
Subject:    Re: [Xen-users] [Xen-devel]  UEFI Secure Boot Xen 4.9
From:       Tamas K Lengyel <tamas.k.lengyel () gmail ! com>
Date:       2017-08-30 16:16:23
Message-ID: CABfawhk-T0BkvRdV8jSUwsTxcMrdkCWi7P4YiV4KOnf35f-yjQ () mail ! gmail ! com
[Download RAW message or body]

On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> Hey Tamas,
>
> Sorry for late reply. I was on vacation.
>
> On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
>> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>
> [...]
>
>> > UEFI will verify shim secure boot signature then shim will verify GRUB2
>> > signature then GRUB2 will verify (with shim protocol) Xen signature and
>> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
>> > your kernel can verify modules using whatever you want.
>> >
>> >> I would be happy to work to help achieve this.
>> >
>> > There is a chance that I will have something very raw at the beginning
>> > of June. If you wish to do tests drop me a line.
>>
>> Hi Daniel,
>> is there any news on this? I would be interested in giving this a shot too.
>
> Please look at
>
>   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html
>
> and at
>
>   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html
>
> Attachments contain the same patches as above but rebased on latest
> GRUB2 and Xen git repositories.
>
> Due to some travel I am going to restart work on this in the second
> half of September.
>
> If you have any questions please drop me a line.
>

Hi Daniel,
thanks for the update, I'll give it a shot today to set it up. In a
somewhat related note, are you aware of any work on getting secure
boot + UEFI working in a guest? There is a PoC patch on OpenXT
(https://github.com/OpenXT/xenclient-oe/pull/729) but was wondering if
there are any parallel efforts ongoing.

Thanks,
Tamas

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
https://lists.xen.org/xen-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic