New UEFI Boot Solution
Greg Kroah-Hartman, maintainer of the stable Linux kernel, has published a guide on how to start a self-signed kernel under UEFI Secure Boot.
Kroah-Hartman chooses a method without boot loader: The Linux kernel can be compiled as an EFI binary that UEFI-boots directly from the computer. This approach requires some configuration options when compiling the Linux kernel.
Kroah-Hartman disables secure boot at the first attempt and then tests whether the binary boots. He then uses the UEFI keytool USB Image by James Bottomley, to secure the key preinstalled on the computer and then deletes it from the machine. Then he creates his own key using OpenSSL and installs it with the help of the software packages Sbsigntool and Efitools. Finally, he signs the self-built kernel and boots it successfully.
Greg Kroah-Hartman's blog entry contains the details and links. His Google Plus feed includes a video to illustrate.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.