Re: F40 Change Proposal: Unified Kernel Support Phase Two (System-Wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

  Hi,

> Does that mean that the Linux EFI boot code knows how to call back to
> shim to get the certificates instead of reading the firmware directly?

No.  The linux efi stub doesn't need that.

shim.efi does:

  (a) Set efi variables, where the linux kernel can read the
      certificates from.  This works the same way for both traditional
      kernels and UKIs.

  (b) provide an efi protocol for bootloaders, which can be called by grub
      and systemd-boot to verify the signature for binaries they load
      (typically the linux kernel, but could also be fwupd.efi).

take care,
  Gerd
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux