On Thu, Jan 31, 2019 at 12:53:36PM +0100, Dominig ar Foll (Intel Open Source) wrote:
> Hello, > > Securing the full boot chain on a UEFI BIOS such as those provided on > Intel platforms is possible but not that simple. > Working, detailed documentation is not easy to find anywhere. > > Some of my students from Lorient (University of South Brittany) have > done a good documentation job on > a HowTo create and boot a signed kernel and Grub2 on a UEFI BIOS. > > As it could be useful to some of you, I share the link. > https://ubs_csse.gitlab.io/secu_os/tutorials/linux_secure_boot.html > > Thanks to Romain Brenaget, Jerôme Blanchard and Pierre Fontaine from the > Master1 in Embedded Cyber Security. > > fontaine.e1800...@etud.univ-ubs.fr > brenaget.e1803...@etud.univ-ubs.fr > blanchard.e1804...@etud.univ-ubs.fr I did pick up something new reading through those docs, so thanks for the link. Please note that in the context of OpenEmbedded https://github.com/jiazhang0/meta-secure-core/tree/master/meta-efi-secure-boot provides all of this and is fairly well documented. There may be some interesting parts in there for you and your team as it does handle the kernel/initramfs question differently. -- Tom
signature.asc
Description: PGP signature
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto