iPXE discussion forum / iPXE user forums / General v / UEFI Secureboot with iPXE (selfsigned db,pk keys or shim + company cert signed by M$)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
UEFI Secureboot with iPXE (selfsigned db,pk keys or shim + company cert signed by M$)
2016-10-19, 17:43
Post: #2
NiKiZe Offline
iPXE nerd, and nerdy helper
*******
 		Posts: 975
Joined: 2015-Feb
Reputation: 23
RE: UEFI Secureboot with iPXE (selfsigned db,pk keys or shim + company cert signed by M$)
One issue with shim + ipxe is how would it be possible for it to PXE chainload the shim and then ipxe when there is no driver etc in the shim? or can grub boot over the network via shim as well?

Currently all loading of anything from within ipxe is done via normal firmware load, so all the verifying is done by efi firmware.

An alternative might be to use a signed shim.efi that can just take extra options for what it loads and with options, so your ipxe script would end up as
Code:
#!ipxe
initrd http://192.168.1.100/rhel72/images/pxeboot/initrd.img
initrd http://192.168.1.100/rhel72/images/pxeboot/vmlinuz
chain http://192.168.1.100/rhel72/images/pxeboot/shim.efi vmlinuz initrd=initrd.img inst.repo=http://192.168.1.100/centos7/

This is similar to what wimboot currently does.

This is just ideas based on what I have read about the ipxe signing.
We will need mcb30's input here.
Use GitHub Discussions
VRAM bin
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
RE: UEFI Secureboot with iPXE (selfsigned db,pk keys or shim + company cert signed by M$) - NiKiZe - 2016-10-19 17:43



User(s) browsing this thread: 1 Guest(s)

Contact Us | iPXE home page | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication