Secure booting linux / additional certificates
2017-04-06, 09:33
Post: #1

We might want to look into the process of getting iPXE signed by Microsoft. We want to use it primarily to PXE boot Fedora in many environments. These will include BIOS, EFI w/o secure boot and EFI with secure boot.

We have the first 2 working just fine. It's the latter that's more complicated.

Secure boot with most distros currently normally works with shim.efi, which then loads grub. As this complicates the configuration a lot, we'd like to prevent that.

From what I understood so far it's not possible currently to load additional certificates into iPXE for the secure boot validation, much like what shim does. Basically they get shim signed by Microsoft and shim has (and thus trusts) the certificate of RedHat or Ubuntu, etc. We would like to be able to include such certificates into iPXE so we can include the RedHat and preferably one of our own certificates into iPXE making it possible to directly boot code signed with those certificates from iPXE.

This would allow a single configuration with iPXE without additional requirements for shim/grub on secure boot platforms.

Could anyone comment on what would be required to get this working, and if anyone knows the legal stuff, comments on that would be welcome too. Not sure what the view on us requesting signing a binary with a RedHat certificate in it would be, as we're not part of RedHat. There already are ways to boot binaries signed by RedHat certificates through their shim.efi, so I doubt it would be a big no-no, but that's just from my technical perspective. I don't have any legal experience.

Thanks in advance.

Messages In This Thread
Secure booting linux / additional certificates - freaky - 2017-04-06 09:33
