All of lore.kernel.org
 help / color / mirror / Atom feed
From: Khalid Aziz <khalid.aziz@hp.com>
To: joeyli <jlee@suse.com>
Cc: linux-kernel@vger.kernel.org, JBottomley@parallels.com,
	linux-efi@vger.kernel.org
Subject: Re: Fwd: UEFI Secure boot using qemu-kvm
Date: Thu, 12 Jul 2012 16:17:54 -0600	[thread overview]
Message-ID: <1342131474.3577.47.camel@lyra> (raw)
In-Reply-To: <1341073290.16691.14.camel@linux-s257.site>

I Tried to follow the steps Joey had written down (Thanks for doing
that!) on Ubuntu 12.04 and ran into some problems. Here is what I had to
do differently to get it to work:

- Install libssl-dev

- Use "sudo alien --to-deb sbsigntools-0.3-1.1.x86_64.rpm" to convert
sbsigntools package and "dpkg -i" the resulting deb package

- Before building efitools, edit Make.rules and replace "/usr/lib64"
with "/usr/lib"

- Run "make PK.h DB.h KEK.h" followed by "make". Make will fail to build
Loader.so with error being __stack_chk_fail is undefined. Ubuntu's
version of gcc enables stack check by default and adding
-fno-stack-protector to CFLAGS did not help. I haven't figured this one
out yet but Helloworld.efi builds correctly.

- Run "make HelloWorld-kek-signed.efi" to build signed version of hello
world.

- At this point I could fire up qemu and run the signed and unsigned
versions of hello world (HelloWorld-kek-signed.efi and HelloWorld.efi)
with secure boot disabled and enabled after importing PK and KEK as Joey
showed in his instructions.

Hope this helps someone who is trying this on Ubuntu. Now on to figuring
out how to build Loader.efi.

-- 
Khalid Aziz <khalid.aziz@hp.com>


  reply	other threads:[~2012-07-12 22:17 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-28 10:01 UEFI Secure boot using qemu-kvm joeyli
2012-06-28 10:22 ` James Bottomley
2012-06-28 10:49   ` joeyli
     [not found] ` <CAGLnvc-hLpUZaaOkeWMRtYefwL5goxuWP_99FyAzem7s_mncPg@mail.gmail.com>
2012-06-28 10:24   ` Fwd: " joeyli
2012-06-30 16:21     ` joeyli
2012-07-12 22:17       ` Khalid Aziz [this message]
2012-07-19  9:41         ` James Bottomley
2012-07-19 15:55           ` Khalid Aziz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1342131474.3577.47.camel@lyra \
    --to=khalid.aziz@hp.com \
    --cc=JBottomley@parallels.com \
    --cc=jlee@suse.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.