Re: UEFI Secure Boot
From: James Bottomley
Date: Thu Jul 05 2012 - 04:33:25 EST
[added mailing list cc's since this is probably going to be a common question]
On Wed, 2012-07-04 at 12:52 -0400, Finnbarr P. Murphy wrote:
> Hi James,
> Nice work on your UEFI Secure Boot demo code!
> Have you experimented with either of the following scenarios?
> - Removing current PK via a utility
> - Replacing current PK with a new PK via a utility
> assuming you know existing PK keys.
Not yet ... I'm still working on writing the code that constructs the
time based authentication bundle for the variables. When I have it, it
will appear in my git repository (and I'll probably send a note to the
> From Chapter 27 of the UEFI Specification, this should be possible but
> I cannot get either scenarios to work (due to error 26 - Security
> Violation) Perhaps it is the OVMF implementation (latest from trunk)
> but I suspect it is just my old age!
Constructing time based authentication bundles is complex ... are you
sure you have the code right? error 26 means the platform doesn't think
the authentication is correct.