AW: Verify the signature of OSes (for SB)

help-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: Verify the signature of OSes (for SB)

From:	Mathias Radtke
Subject:	AW: Verify the signature of OSes (for SB)
Date:	Wed, 22 Nov 2023 08:00:04 +0000

Hi




Hello,
I already imported the sb keys from the uefi and signed my grub image. However 
the problem is that apart from the uefi verification of the grub image itself, 
no other verification is done by grub. This would mean that I can actually boot 
on unsigned kernels from grub (with sb enabled!). But I can sign correctly both 
the kernel and grub as of now.

Then I think you would have to compile a shim for your system and boot this one 
first instead of grub. However if this shim is not signed by Microsoft I can't 
say for sure if a Linux/Windows Dual Boot system will boot properly into 
Windows.
I think you should also compile your public cert of the key into the shim, just 
to make sure.

Regards

Mathias

[Prev in Thread]

Current Thread

[Next in Thread]

AW: Verify the signature of OSes (for SB), Mathias Radtke, 2023/11/22
- Re: Verify the signature of OSes (for SB), Federico Angelilli, 2023/11/22
  - Re: Verify the signature of OSes (for SB), Andrei Borzenkov, 2023/11/22
    - Re: Verify the signature of OSes (for SB), Federico Angelilli, 2023/11/22
- AW: Verify the signature of OSes (for SB), Mathias Radtke <=
  - Re: Verify the signature of OSes (for SB), Federico Angelilli, 2023/11/22

Prev by Date: Re: Verify the signature of OSes (for SB)
Next by Date: Re: Verify the signature of OSes (for SB)
Previous by thread: Re: Verify the signature of OSes (for SB)
Next by thread: Re: Verify the signature of OSes (for SB)
Index(es):
- Date
- Thread