Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure Boot #15

Open
qzed opened this issue Jun 11, 2022 · 2 comments
Open

Secure Boot #15

qzed opened this issue Jun 11, 2022 · 2 comments
Labels
A: Boot Area: Boot problems

Comments

@qzed
Copy link
Member

qzed commented Jun 11, 2022

Secure Boot doesn't work. The problem is that there doesn't seem to be a signed shim for AArch64 (shimaa64.efi). Until Microsoft / the UEFI CA provides one, there is currently nothing we can do about that.
@qzed qzed added the A: Boot Area: Boot problems label Jun 11, 2022
@qzed qzed moved this from Todo to Blocked in Surface Pro X Linux Support Jun 11, 2022
@qzed qzed moved this from Blocked to Tracking Upstream in Surface Pro X Linux Support Jun 11, 2022
@qzed
Copy link
Member Author

qzed commented Jun 12, 2022

It turns out that openSUSE provides a signed shim for Leap at https://download.opensuse.org/distribution/leap/15.4/repo/oss/aarch64/ (direct link). This can be used to boot grub via prior a enrolled hash, but unfortunately grub doesn't want to load other images. In addition it seems that the devicetree command is not allowed in lockdown mode.

Fedora patches grub to make it play nice with shim. We may need to do the same thing / pull in those patches. Unfortunately, however, those patches seem to be the ones breaking boot (#12). So we should first figure out why that is and how we can fix it.

@qzed qzed moved this from Tracking Upstream to Blocked in Surface Pro X Linux Support Jun 12, 2022
@qzed
Copy link
Member Author

qzed commented Jun 29, 2022

With the recent advances in #12 we are now only blocked by the devicetree command not being allowed. Maybe DtbLoader can provide a way around this?

@qzed qzed moved this from Blocked to Todo in Surface Pro X Linux Support Jun 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A: Boot Area: Boot problems
Projects
Surface Pro X Linux Support
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
1 participant
@qzed