As promised, here is the Linux Foundation UEFI secure boot system.  This was actually released to us by Microsoft on Wednesday 6 February, but with travel, conferences and meetings I didn’t really get time to validate it all until today.  The files are here

I’ve also put together a mini-USB image that is bootable (just dd it on to any USB key; the image is gpt partitioned, so use the whole disk device).  It has an EFI shell where the kernel should be and uses gummiboot to load.  You can find it here (md5sum 7971231d133e41dd667a184c255b599f).

To use the mini-USB image, you have to enroll the hashes for loader.efi (in the \EFI\BOOT directory; actually gummiboot) as well as shell.efi (in the top level directory).  It also includes a copy of KeyTool.efi which you have to enrol the hash of to run as well.

What Happened to KeyTool.efi?

Originally this was going to be part of our signed release kit.  However, during testing Microsoft discovered that because of a bug in one of the UEFI platforms, it could be used to remove the platform key programmatically, which would rather subvert the UEFI security system.  Until we can resolve this (we’ve now got the particular vendor in the loop), they declined to sign KeyTool.efi although you can, of course, authorize it by hash in the MOK variables if you want to run it.

Let me know how this goes because I’m very interested to gather feedback about what works and what doesn’t work.  In particular, there’s a worry that the security protocol override might not work on some platforms, so I particularly want to know if it doesn’t work for you.

Linux Foundation Secure Boot System Released的更多相关文章

  1. 反Secure Boot垄断:兼谈如何在Windows 8电脑上安装Linux

    感谢HQSQ的投递一.自由软件基金会的呼吁上周,2012年将近结束的时候,自由软件基金会(FSF)发出呼吁,要求人们继续支持反Secure Boot垄断,希望签名者能达到5万人(目前是4万).我觉得, ...

  2. Linux secure boot(安全启动)时添加Nvidia显卡驱动

    开启Secure boot情况下,在Fedora 21下安装Nvidia 显卡驱动的方法. Nvidia显卡驱动可以从官网上下载最新版>> 点击进入 下载后添加可执行权限: #chmod ...

  3. UEFI、BIOS、Secure Boot的关系和知识介绍

      从Windows 8操作系统时代开始,安装操作系统的方法也有了很大的改变,Windows 8采用了Secure Boot引导启动的方式,而不是过去Win XP和Win 7的Legacy启动方式,从 ...

  4. Linux Foundation(笔记)

    /************************************************************* * Linux Foundation * 1. 总结一下Linux的基础内 ...

  5. secure boot(安全启动)下为内核模块签名

    上一篇随笔中提到了如何在secure boot下安装Nvidia显卡驱动 >>上一篇随笔 如果不需要安装Nvidia显卡驱动,而且要生成密钥,可以参考>> 这篇文章 这里假设生 ...

  6. 华硕笔记本之secure boot

    在ubuntu下安装cuda的时候,一直装不好,cuda-7.5.run已经装好了,但是编译cuda的例程时失败,提示cuda的库链接不上. 初步判断是secure boot的问题,因为在开启X的情况 ...

  7. Android Partitions Explained: boot, system, recovery, data, cache & misc

    from: http://www.addictivetips.com/mobile/android-partitions-explained-boot-system-recovery-data-cac ...

  8. 小米笔记本怎么关闭secure boot

    关闭Secure Boot的步骤: 一.关闭 "快速启动" 功能 1.右键-开始菜单- 电源选项,进入后 点击"选择电源按钮的功能". 2.进入电源选项设置后, ...

  9. Windows 上编译 corefx 源码生成 Linux 上可用的 System.Data.SqlClient.dll

    最近在排查一个奇怪的 EF Core 查询速度慢的问题,需要在 corefx 2.2.3 的 System.Data.SqlClient 源码中打点. github 上签出 corefx 的源代码,运 ...

随机推荐

  1. 如何判断一个Div是否在可视区域,判断div是否可见

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/ ...

  2. word 2013 没有控件菜单怎么办,添加控件菜单

    方法/步骤   打开word软件,然后点击菜单栏中最左边的“文件”菜单项,如下图红色方框所示 2 点击文件后,就打开word的设置对话框,然后在左边的设置列表中点击“自定义功能区”,打开自定义功能区设 ...

  3. 为什么很多语言选择在JVM上实现

    非常经济地实现跨平台.你的语言编译器后端只需要输出 JVM 字节码就可以.跨平台需要极大的工作量,举个例子,只是独立开发生成本地代码,就需要花费大量精力去针对不同平台和处理器进行优化(比如 Firef ...

  4. easyui之combotree

    这几天时间比较空闲的我把easyui中比较难的控件回顾一遍 这次的总结是easyui中的combotree easyui的中文文档上说:combotree结合选择控制和下拉树,类似于combobox只 ...

  5. to disable the entity lazy load, The ObjectContext instance has been disposed and can no longer be used for operations that require a connection.

    The ObjectContext instance has been disposed and can no longer be used for operations that require a ...

  6. Codeforces Round #198 (Div. 2) —— A

    最水的题,可惜当时赶时间没有注意数据范围:暴力超时了! 其实应该用x,y的最大公约数来判断: 代码: #include<iostream> using namespace std; int ...

  7. 【BZOJ1901】 Zju2112 Dynamic Rankings(树套树)

    [题意] 给定一个含有n个数的序列a[1],a[2],a[3]--a[n], 程序必须回答这样的询问:对于给定的i,j,k,在a[i],a[i+1],a[i+2]--a[j]中第k小的数是多少(1≤k ...

  8. SPRING IN ACTION 第4版笔记-第二章Wiring Beans-005-<constructor-arg>和c-namespace

    1. package soundsystem; public class SgtPeppers implements CompactDisc { private String title = &quo ...

  9. Android软件开发之发送短信与系统短信库解析

    今天我和同学们讨论一下Android平台下如何调用系统方法发送短信.接收短信.系统的短信库相关的问题.进入正题,我们先使用Eclipse工具模拟给自己的模拟器发送一条短信.在Eclipse下打开DDM ...

  10. 《鸟哥的Linux私房菜》读书笔记五

    1. Ctrl+alt+FX(X=1~6)可以切换到6个不同的文字界面终端(Terminal) 再按Ctrl+alt+F7就可以回到X Window,按Ctrl+alt+Backspace这是结束所有 ...