[yocto] How to create a signed bootloader and Linux kernel on a UEFI BIOS
Tom Rini
trini at konsulko.com
Thu Jan 31 07:36:30 PST 2019
On Thu, Jan 31, 2019 at 12:53:36PM +0100, Dominig ar Foll (Intel Open Source) wrote:
> Hello,
>
> Securing the full boot chain on a UEFI BIOS such as those provided on
> Intel platforms is possible but not that simple.
> Working, detailed documentation is not easy to find anywhere.
>
> Some of my students from Lorient (University of South Brittany) have
> done a good documentation job on
> a HowTo create and boot a signed kernel and Grub2 on a UEFI BIOS.
>
> As it could be useful to some of you, I share the link.
> https://ubs_csse.gitlab.io/secu_os/tutorials/linux_secure_boot.html
>
> Thanks to Romain Brenaget, Jerôme Blanchard and Pierre Fontaine from the
> Master1 in Embedded Cyber Security.
>
> fontaine.e1800982 at etud.univ-ubs.fr
> brenaget.e1803332 at etud.univ-ubs.fr
> blanchard.e1804130 at etud.univ-ubs.fr
I did pick up something new reading through those docs, so thanks for
the link. Please note that in the context of OpenEmbedded
https://github.com/jiazhang0/meta-secure-core/tree/master/meta-efi-secure-boot
provides all of this and is fairly well documented. There may be some
interesting parts in there for you and your team as it does handle the
kernel/initramfs question differently.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190131/5f81289d/attachment.pgp>
More information about the yocto
mailing list