On 05/16/13 08:04, Gary Ching-Pang Lin wrote:
> On Wed, May 15, 2013 at 03:22:53PM +0200, Laszlo Ersek wrote:
>> [...] I failed to secure boot Fedora 19
>> <http://www.linux-kvm.org/page/OVMF#Confirmation_of_secure_boot_in_Fedora_18>,
>> which I guess might still relate to this thread (also started by you):
>> <http://thread.gmane.org/gmane.comp.bios.tianocore.devel/2329>.
> I think so. The git head OVMF (after applying your patch) works well with the
> latest SLE 11 SP3 boot loader.

Actually it also works with Fedora 19 (unreleased for the time being) if

(a) the "shim" utility is signed with "pesign-0.104-1.fc19"
<https://koji.fedoraproject.org/koji/buildinfo?buildID=419603>, and

(b) the following key enrollment scheme is used:

  RedHatTestCA -> PK
  <nothing>    -> KEK
  RedHatTestCA -> DB

rather than the older / original

  RedHatTestCA          -> PK
  RedHatTestCertificate -> KEK
  RedHatTestCertificate -> DB

The enrollment change in (b) is required because of the verification
policy change in SVN r14141
<https://github.com/tianocore/edk2/commit/6de4c35f#L0L1014>.

It proved quite a challenge for me to track (b) down
<https://bugzilla.redhat.com/show_bug.cgi?id=963361>, but ultimately new
pesign does work!

Thanks,
Laszlo

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel