This means signing UEFI binaries and the kernel modules, which can be done with its own set of tools.īut first, more on the trust chain used for Secure Boot. ![]() The Secure Boot story in Ubuntu includes the fact that you might want to build your own kernel (but we do hope you can just use the generic kernel we ship in the archive), and that you may install your own kernel modules. People don’t generally change firmware or bootloader all that much, but what of rebuilding a kernel or adding extra modules provided by hardware manufacturers? In other words, not just the firmware and bootloader require signatures, the kernel and modules too. ![]() The whole concept of Secure Boot requires that there exists a trust chain, from the very first thing loaded by the hardware (the firmware code), all the way through to the last things loaded by the operating system as part of the kernel: the modules.
0 Comments
Leave a Reply. |