b2bb40ce9a
Adds support for booting in a SecureBoot environment with shim as a preloader. Install an appropriate UEFI security policy to check PE signature of a chained kernel or UEFI application (using LoadImage()) against the MOK database maintained by shim, using shim's installed BootServices. Implementation details for installing the security policy are based on code from the LinuxFoundation's SecureBoot PreLoader, part of efitools licensed under LGPL 2.1 Current signed (by Microsoft) versions of shim (Versions 0.8 & 0.9) so not install a security policy by themselves, future Versions of shim might (a compile time switch exists in rectent git versions), so in the future this PR might become unnecessary. |
||
---|---|---|
.. | ||
efi | ||
bootctl.c | ||
Makefile |