Gentoo Forums
MJG's signed Shim for UEFI Secure Boot available
srs5694
Guru


Joined: 08 Mar 2004
Posts: 434
Location: Woonsocket, RI

Posted: Sat Dec 01, 2012 6:32 pm    Post subject: MJG's signed Shim for UEFI Secure Boot available

There have been a number of posts about EFI and Secure Boot recently, so I thought some people might be interested in this:

http://mjg59.dreamwidth.org/20303.html

That's Matthew Garrett's announcement of a signed binary version of his Shim boot loader. Basically, this program will boot on a computer with Secure Boot active in its default mode (with Microsoft's keys in the firmware) and then launch another boot loader (called grubx64.efi, although it could be something other than GRUB in that filename) that you sign with your keys. The end result is something that's more secure than disabling Secure Boot entirely and easier than installing your own Secure Boot keys. I haven't yet tried this version of the binary, so I can't provide help beyond pointing you to MJG's own blog, but I thought some people might want to know about it.

FWIW, although you could sign and launch my rEFInd boot manager with this version of Shim, the current version (0.4.7) won't be very useful when signed in this way, since it doesn't yet "talk" to Shim. I'm working on changing that, so that rEFInd will launch binaries signed in a way that Shim supports.
Hypnos
Advocate


Joined: 18 Jul 2002
Posts: 2889
Location: Omnipresent

Posted: Fri Dec 07, 2012 3:24 am

Thank you for the update on the Secure Boot + Linux situation, and for your efforts on improving the UEFI+Linux experience.
srs5694
Guru


Joined: 08 Mar 2004
Posts: 434
Location: Woonsocket, RI

Posted: Fri Dec 07, 2012 3:57 pm

Hypnos wrote:
Thank you for the update on the Secure Boot + Linux situation, and for your efforts on improving the UEFI+Linux experience.


You're welcome. FWIW, last night I released version 0.5.0 of rEFInd, which "talks" to shim to authenticate binaries. It's still got some bugs and takes too much effort to set up, but it does work to launch Linux (and I'm guessing Windows 8, although I don't have a copy to test). The setup effort situation will improve in time, both with changes I plan to the rEFInd installation script and to changes as distributions begin signing their kernels. (I have no idea what Gentoo has planned along those lines -- presumably a change to genkernel will be needed to add signing functions.)