On Thu, Dec 8, 2016 at 4:18 PM, Giovanni Santini <itachi.sama.amater...@gmail.com> wrote: > Il 08/12/2016 14:01, Andrei Borzenkov ha scritto: >> >> There are two preloaders (loosely calling shim also preloader). Linux >> Foundation's one overrides standard security protocol, so assuming >> this was successful, it should be fully transparent. Another one is >> shim, which installs additional protocol and needs explicit support to >> call it. All distributions I am aware of are based on shim, and so >> carry additional patches to grub. >> > > I am using Linux Foundation's PreLoader. It is the version signed by > Microsoft, so it is recognized properly by Secure Boot. > Also, Linux OSes (tested on ArchLinux and Ubunut) loaded by Preloader + > grub2 are run under Secure Boot properly (tested using the method at [1]). > >> >> Yes, it should be this one. Although full patch set is rather more extensive. >> > > Nice indeed! I will try to build it applying that patch... and hoping it > won't broke completely GRUB ;P >
Well, I do not know about Arch, but Ubuntu is using patch similar to openSUSE, which means - it REQUIRES shim. Patch replaces default chainloader command with one that calls shim and fails if it cannot do it. It should have provided additional one, chainloaderefi similar to linuxefi, instead. > Will give you feedback ASAP! > > [1] https://wiki.archlinux.org/index.php/Secure_Boot#Booting_archiso > > -- > Giovanni Santini > My blog: http://giovannisantini.tk > My code: https://git{hub,lab}.com/ItachiSan > My GPG: 2FADEBF5 _______________________________________________ Help-grub mailing list Help-grub@gnu.org https://lists.gnu.org/mailman/listinfo/help-grub
