Secure boot/signed images and GPL code

Patrick Williams patrick at stwcx.xyz
Thu Nov 5 00:31:13 AEDT 2020


On Tue, Nov 03, 2020 at 01:21:53PM -0800, Lee Fisher wrote:
> In this thread I don't see any reference to OpenBMC use of the existing
> Shim[1] -- the current Linux UEFI Secure Boot solution to address these
> legal issues. It seems that if the Shim can't work for OpenBMC case,
> then OpenBMC could create a similar Shim-like widget. FYI, there's a
> Shim mailing list.

The class of chips typically used for OpenBMC don't currently support
UEFI but instead use u-boot as the early initialization + boot loader.
u-boot has a concept of "Secondary Program Loader" (SPL) which can allow
a key indirection in a similar way to the UEFI shim.

-- 
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20201104/2b939004/attachment.sig>


More information about the openbmc mailing list