On Mon, 8 Jun 2026 at 14:03, Gerd Hoffmann <[email protected]> wrote: > > On Mon, Jun 08, 2026 at 10:24:28AM +0100, Peter Maydell wrote: > > On Thu, 4 Jun 2026 at 10:27, Gerd Hoffmann <[email protected]> wrote: > > > > > > On Thu, May 28, 2026 at 03:28:05PM +0100, Peter Maydell wrote: > > > > On Thu, 21 May 2026 at 12:28, Gerd Hoffmann <[email protected]> wrote: > > > > > > > > > > Also little refactoring in preparation > > > > > to avoid code duplication. > > > > > > > > > > Gerd Hoffmann (3): > > > > > hw/nvram: add load_image_to_fw_cfg_file() > > > > > hw/i386: switch shim loading to load_image_to_fw_cfg_file > > > > > hw/arm: add support for shim loading > > > > > > > > Any chance of some information on what this is? > > > > > > It passes the shim binary to the efi firmware, > > > in addition to the kernel binary. > > > > > > x86 has this for a while already, this brings arm on par. > > > > > > docs update with some background below. > > > > > > take care, > > > Gerd > > > > > > --- a/docs/system/linuxboot.rst > > > +++ b/docs/system/linuxboot.rst 
> > > @@ -17,6 +17,15 @@ Use ``-kernel`` to provide the Linux kernel image and > > > ``-append`` to > > > give the kernel command line arguments. The ``-initrd`` option can be > > > used to provide an INITRD image. > > > > > > +The ``-shim`` option specifies the shim.efi binary. This is needed > > > +when using direct kernel boot with UEFI secure boot enabled. The > > > +verification chain used by linux distros requires shim.efi. Typically > > > +shim.efi is signed by micsosoft and verified by the firmware. The > > > +linux kernel is signed by the distro and is verified by shim.efi. So > > > +without shim.efi in the loop secure boot verification will not work. > > > +Usually you can find shim.efi as ``EFI/BOOT/BOOT{X64,AA64}.EFI`` on > > > +distro install media. > > > > Thanks. I'm not sure why you'd want to enable UEFI secure boot > > when you're not booting via UEFI, though. > > When not booting via UEFI you can ignore that.
But if I'm doing direct kernel boot then by definition I'm not
booting via UEFI, I'm directly booting the kernel...

thanks
-- PMM
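
Review bot: In the added ``-shim`` paragraph of docs/system/linuxboot.rst, "signed by micsosoft" is a typo for "Microsoft", and "linux distros" / "linux kernel" should be capitalised as "Linux" to match the unchanged context line above it ("provide the Linux kernel image"). The paragraph also says "direct kernel boot with UEFI secure boot enabled" without stating that the guest is running EFI firmware which receives the ``-kernel`` image. The cover text in this thread does say so ("It passes the shim binary to the efi firmware, in addition to the kernel binary"), and one sentence to that effect in the docs, plus a note that ``-shim`` is only relevant with such firmware, would answer the question raised in the replies. The ``BOOT{X64,AA64}.EFI`` brace shorthand would be clearer written out as the two file names, one per architecture.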
