[CentOS-devel] testing SecureBoot

Sat Jun 21 04:07:17 UTC 2014
Akemi Yagi <amyagi at gmail.com>

On Fri, Jun 20, 2014 at 5:44 PM, Karanbir Singh <mail-lists at karan.org> wrote:
> Hi,
>
> As a part of what we are doing in the project - and something we want to
> extend to all content built + signed + delivered via the project
> resources - I've been working on secureboot facilities and getting the
> infra around it online.
>
> After a bit of hop, step and jump ( and lots of help from Peter Jones at
> Red Hat ), I've got a baseline test run complete today. This compose is
> based on a newer-than-GA kernel, so dont stress too far about that, the
> release media will contain the GA kernel.
>
> You can find the tree here :
> http://buildlogs.centos.org/centos/7/os/x86_64-secureboot/
>
> The tree itself is based on the last good tree we pushed on the 18th June.
>
> Please test secureboot widely, its something new, its something we are
> doing differently than most of the other distro's out there at the
> moment ( but they will mostly all be doing it like this soon ).
>
> This new process is using an EV Code Signing key, validated by Microsoft
> rather than the first-gen system ( where people would setup their own CA
> root and request validation ).
>
> Feedback here and/or at bugs.centos.org,

A quick report - booting from boot.iso was successful with Secure Boot
enabled and the installation finished with no apparent error.

Akemi