As promised, here is the Linux Foundation UEFI secure boot system.  This was actually released to us by Microsoft on Wednesday 6 February, but with travel, conferences and meetings I didn’t really get time to validate it all until today.  The files are here

I’ve also put together a mini-USB image that is bootable (just dd it on to any USB key; the image is gpt partitioned, so use the whole disk device).  It has an EFI shell where the kernel should be and uses gummiboot to load.  You can find it here (md5sum 7971231d133e41dd667a184c255b599f).

To use the mini-USB image, you have to enroll the hashes for loader.efi (in the \EFI\BOOT directory; actually gummiboot) as well as shell.efi (in the top level directory).  It also includes a copy of KeyTool.efi which you have to enrol the hash of to run as well.

What Happened to KeyTool.efi?

Originally this was going to be part of our signed release kit.  However, during testing Microsoft discovered that because of a bug in one of the UEFI platforms, it could be used to remove the platform key programmatically, which would rather subvert the UEFI security system.  Until we can resolve this (we’ve now got the particular vendor in the loop), they declined to sign KeyTool.efi although you can, of course, authorize it by hash in the MOK variables if you want to run it.

Let me know how this goes because I’m very interested to gather feedback about what works and what doesn’t work.  In particular, there’s a worry that the security protocol override might not work on some platforms, so I particularly want to know if it doesn’t work for you.

Linux Foundation Secure Boot System Released的更多相关文章

  1. 反Secure Boot垄断:兼谈如何在Windows 8电脑上安装Linux

    感谢HQSQ的投递一.自由软件基金会的呼吁上周,2012年将近结束的时候,自由软件基金会(FSF)发出呼吁,要求人们继续支持反Secure Boot垄断,希望签名者能达到5万人(目前是4万).我觉得, ...

  2. Linux secure boot(安全启动)时添加Nvidia显卡驱动

    开启Secure boot情况下,在Fedora 21下安装Nvidia 显卡驱动的方法. Nvidia显卡驱动可以从官网上下载最新版>> 点击进入 下载后添加可执行权限: #chmod ...

  3. UEFI、BIOS、Secure Boot的关系和知识介绍

      从Windows 8操作系统时代开始,安装操作系统的方法也有了很大的改变,Windows 8采用了Secure Boot引导启动的方式,而不是过去Win XP和Win 7的Legacy启动方式,从 ...

  4. Linux Foundation(笔记)

    /************************************************************* * Linux Foundation * 1. 总结一下Linux的基础内 ...

  5. secure boot(安全启动)下为内核模块签名

    上一篇随笔中提到了如何在secure boot下安装Nvidia显卡驱动 >>上一篇随笔 如果不需要安装Nvidia显卡驱动,而且要生成密钥,可以参考>> 这篇文章 这里假设生 ...

  6. 华硕笔记本之secure boot

    在ubuntu下安装cuda的时候,一直装不好,cuda-7.5.run已经装好了,但是编译cuda的例程时失败,提示cuda的库链接不上. 初步判断是secure boot的问题,因为在开启X的情况 ...

  7. Android Partitions Explained: boot, system, recovery, data, cache & misc

    from: http://www.addictivetips.com/mobile/android-partitions-explained-boot-system-recovery-data-cac ...

  8. 小米笔记本怎么关闭secure boot

    关闭Secure Boot的步骤: 一.关闭 "快速启动" 功能 1.右键-开始菜单- 电源选项,进入后 点击"选择电源按钮的功能". 2.进入电源选项设置后, ...

  9. Windows 上编译 corefx 源码生成 Linux 上可用的 System.Data.SqlClient.dll

    最近在排查一个奇怪的 EF Core 查询速度慢的问题,需要在 corefx 2.2.3 的 System.Data.SqlClient 源码中打点. github 上签出 corefx 的源代码,运 ...

随机推荐

  1. 水晶报表显示到aspx页面中

    1.在前台添加水晶报表显示控件. <CR:CrystalReportViewer ID="CrystalReportViewer1" runat="server&q ...

  2. win7如何完全写在iis

    在前些天,因为需要搭建了ftp服务器,但是今天不需要了,所以要卸载iis,因为我不会让iis和apache同时共存,所以只能卸载了 先找到windows功能,然后把Internet信息服务勾选掉,重启 ...

  3. wysiwyg editor

    http://www.bootcss.com/p/bootstrap-wysiwyg/

  4. RESTheart安装与设置

    作者:Maurizio Turatti, 最后在Feb 25, 2016时被 Andrea Di Cesare更新 安装与设置 1. 快速开始 Docker Vagrant Bare metal 2. ...

  5. Swift -- SnapKit

    Snapkit SnapKit是专门为Swift语言提供AutoLayout布局使用的,特点为语法简洁易用. let subview = UIView() subview.backgroundColo ...

  6. PHP练习题(二)

    程序6.题目: 假设某人有100,000现金,每经过一次路口需要进行一次交费交费规则为当他现金大于50,000时每次需要交%5,如果现金小于等于50,000时每次交5,000.问此人可以经过多少次这个 ...

  7. 降维(二)----Laplacian Eigenmaps

    降维(二)----Laplacian Eigenmaps 降维系列: 降维(一)----说说主成分分析(PCA)的源头 降维(二)----Laplacian Eigenmaps ----------- ...

  8. 【技术贴】jsp出现getOutputStream() has already been calle

    此错误经常在websphere6.x版本里出现:原因是jsp文件中的尖括号百分号里面有空行或者其他的什么原因,Servlet1.2规范规定了OutputStream只能获得一次,在jsp中实际上已经通 ...

  9. PYTHON--CLASS

    class Robot: population = 0 def __init__(self, name): self.name = name print("(Initializing {0} ...

  10. 剖析Qt的事件机制原理

    版权声明 请尊重原创作品.转载请保持文章完整性,并以超链接形式注明原始作者“tingsking18”和主站点地址,方便其他朋友提问和指正. QT源码解析(一) QT创建窗口程序.消息循环和WinMai ...