Le 21/10/2017 à 22:54, John Franklin a écrit :
A generic guide to Secureboot and updating Secureboot keys in your
uEFI firmware:
https://www.rodsbooks.com/efi-bootloaders/secureboot.html
https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html
Ubuntu’s guide to signing things for Secureboot:
https://insights.ubuntu.com/2017/08/11/how-to-sign-things-for-secure-boot/
Red Hat’s guide to signing kernels, kernel modules and installing MOKs
in your uEFI firmware:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-signing-kernel-modules-for-secure-boot
OpenSUSE’s version:
https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.uefi.html
Between those four, you should be able to get a pretty good idea of
how Secureboot works and how to get shim to boot your own signed
kernels, even your own Devuan kernels.
And finally, writing your own .efi binary, which requires linking a C
program against a vast tree of dependencies a specific crt0 and static
library:
https://www.rodsbooks.com/efi-programming/hello.html
Thanks John. I put a label on your mail and will read the links
when I find the time. Now very busy building a native
x86_64-pc-linux-musl-gcc-6.3. Wouldn't it be the ideal toolchain to
build one's own secureboot?
Didier
Didier
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
