New UEFI Boot Solution
Greg Kroah-Hartman, maintainer of the stable Linux kernel, has published a guide on how to start a self-signed kernel under UEFI Secure Boot.
Kroah-Hartman chooses a method that does without a boot loader: the Linux kernel can be compiled as an EFI binary that the computer's UEFI firmware boots directly. This approach requires some configuration options when compiling the Linux kernel.
Kroah-Hartman first disables Secure Boot and tests whether the binary boots. He then uses the UEFI keytool USB image by James Bottomley to back up the key preinstalled on the computer and then deletes it from the machine. Next, he creates his own key using OpenSSL and installs it with the help of the software packages Sbsigntool and Efitools. Finally, he signs the self-built kernel and boots it successfully.
Greg Kroah-Hartman's blog entry contains the details and links. His Google Plus feed includes a video illustrating the process.
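The key creation and signing steps described above, sketched as an added example (not taken from Kroah-Hartman's guide). It goes beyond the single key the article mentions and builds the usual PK/KEK/db hierarchy; all file names, certificate subjects, and the owner GUID are assumptions.

```shell
#!/bin/sh
# Added example: own Secure Boot keys plus a signed EFI-stub kernel.
# File names, CNs and the owner GUID are assumptions, not from the article.
set -eu

# With DRY_RUN=1 each command is printed instead of executed, so the
# plan can be reviewed before touching key material.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Self-signed certificate and unencrypted private key for one variable.
make_key() {
    name=$1
    run openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
        -subj "/CN=Example $name/" -keyout "$name.key" -out "$name.crt"
}

# Wrap the certificate in an EFI signature list, then sign the update
# with the key one level up (PK signs PK and KEK, KEK signs db).
make_auth() {
    var=$1 signer=$2 guid=$3
    run cert-to-efi-sig-list -g "$guid" "$var.crt" "$var.esl"
    run sign-efi-sig-list -k "$signer.key" -c "$signer.crt" \
        "$var" "$var.esl" "$var.auth"
}

# Sign the EFI binary with the db key and check the signature
# before Secure Boot is switched back on.
sign_kernel() {
    src=$1 dst=$2
    run sbsign --key db.key --cert db.crt --output "$dst" "$src"
    run sbverify --cert db.crt "$dst"
}

build_all() {
    guid=$1 kernel=$2
    for n in PK KEK db; do make_key "$n"; done
    make_auth PK PK "$guid"
    make_auth KEK PK "$guid"
    make_auth db KEK "$guid"
    sign_kernel "$kernel" "$kernel.signed"
}
```

Calling `build_all "$(uuidgen)" bzImage.efi` with `DRY_RUN=1` lists the commands; without it, the private keys are written unencrypted to the current directory and should be moved offline once the kernel is signed.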
