Hello, Securing the full boot chain on a UEFI BIOS such as those provided on Intel platforms is possible but not that simple. Working, detailed documentation is not easy to find anywhere.
Some of my students from Lorient (University of South Brittany) have done a good documentation job on a HowTo create and boot a signed kernel and Grub2 on a UEFI BIOS. As it could be useful to some of you, I share the link. https://ubs_csse.gitlab.io/secu_os/tutorials/linux_secure_boot.html Thanks to Romain Brenaget, Jerôme Blanchard and Pierre Fontaine from the Master1 in Embedded Cyber Security. fontaine.e1800...@etud.univ-ubs.fr brenaget.e1803...@etud.univ-ubs.fr blanchard.e1804...@etud.univ-ubs.fr -- Dominig ar Foll Senior Software Architect Intel Open Source Technology Centre -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
