Linux Foundation's Secure Boot bootloader restructured

Filed under

James Bottomley has substantially restructured the mini bootloader to allow any Linux version to be launched on PCs with UEFI Secure Boot. The boot loader's development has been sponsored by the Linux Foundation. The revised version uses a different method to boot the more complex secondary bootloader; this enables it to co-operate with Gummiboot, which was introduced last summer. Gummiboot doesn't load or start Linux itself like GRUB does, instead it accesses EFI mechanisms; this keeps its structure significantly less complex than that of GRUB. When Secure Boot is active, however, this approach requires other, firmware-related mechanisms to verify the kernel before it is launched.

In a blog post, Bottomley says that, as a consequence of this, Gummiboot doesn't work with Shim or the original version of the Linux Foundation's bootloader when Secure Boot is active. Further details can be found in the slides for a presentation⁠PDF given by Bottomley, a member of the Linux Foundation's Technical Advisory Board, at 2013.

rest here