New UEFI Boot Solution

By

Maintainer of the stable Linux kernel recomments booting without a boot loader.

Greg Kroah-Hartman, maintainer of the stable Linux kernel, has published a guide on how to start a self-signed kernel under UEFI Secure Boot.
Kroah-Hartman chooses a method without boot loader: The Linux kernel can be compiled as an EFI binary that UEFI-boots directly from the computer. This approach requires some configuration options when compiling the Linux kernel.
Kroah-Hartman disables secure boot at the first attempt and then tests whether the binary boots. He then uses the UEFI keytool USB Image by James Bottomley, to secure the key preinstalled on the computer and then deletes it from the machine. Then he creates his own key using OpenSSL and installs it with the help of the software packages Sbsigntool and Efitools. Finally, he signs the self-built kernel and boots it successfully.
Greg Kroah-Hartman's blog entry contains the details and links. His Google Plus feed includes a video to illustrate.

09/03/2013
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=