Message ID | 82c8ce93-a9a7-9309-2b04-8092ca84e7d6@suse.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | SUPPORT.md: explicitly mention EFI (secure) boot status | expand |
On 11/05/2023 3:34 pm, Jan Beulich wrote: > While normal booting is properly supported on both x86 and Arm64, secure > boot reportedly requires quite a bit more work to be actually usable > (and providing the intended guarantees). The mere use of the shim > protocol for verifying the Dom0 kernel image isn't enough. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Hi Jan, On 11/05/2023 15:34, Jan Beulich wrote: > While normal booting is properly supported on both x86 and Arm64, secure > boot reportedly requires quite a bit more work to be actually usable > (and providing the intended guarantees). The mere use of the shim > protocol for verifying the Dom0 kernel image isn't enough. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <jgrall@amazon.com> Cheers, > > --- a/SUPPORT.md > +++ b/SUPPORT.md > @@ -63,6 +63,16 @@ For the Cortex A57 r0p0 - r1p1, see Erra > Status, x86 PV: Supported > Status, ARM: Experimental > > +### Host EFI Boot > + > + Status, x86: Supported > + Status, Arm64: Supported > + > +### Host EFI Secure Boot > + > + Status, x86: Experimental > + Status, Arm64: Experimental > + > ### x86/Intel Platform QoS Technologies > > Status: Tech Preview
--- a/SUPPORT.md +++ b/SUPPORT.md @@ -63,6 +63,16 @@ For the Cortex A57 r0p0 - r1p1, see Erra Status, x86 PV: Supported Status, ARM: Experimental +### Host EFI Boot + + Status, x86: Supported + Status, Arm64: Supported + +### Host EFI Secure Boot + + Status, x86: Experimental + Status, Arm64: Experimental + ### x86/Intel Platform QoS Technologies Status: Tech Preview
While normal booting is properly supported on both x86 and Arm64, secure boot reportedly requires quite a bit more work to be actually usable (and providing the intended guarantees). The mere use of the shim protocol for verifying the Dom0 kernel image isn't enough. Signed-off-by: Jan Beulich <jbeulich@suse.com>