Unifying Secure Boot code and getting additions into UEFI

This proposal has been accepted as a session.


One Line Summary

Current state of unified secure boot code and plans for getting the architecture override into UEFI


Our two UEFI loaders currently have different approaches: The Linux Foundation one installs a security protocol override, which intercepts the UEFI secure boot check and means the UEFI code itself links and loads the permitted executables. The Red Hat/SUSE one loads permitted executables manually (via its own link loader), plus it has ssl key handling code whereas the Linux Foundation loader only does hashes.

We should discuss where we are unifying these two approaches and also where we’re at with persuading UEFI that the security protocol override is a valid approach which they should bless in the next revision of the UEFI standard.


  • Photo_james_w800

    James E.J. Bottomley

    Parallels, Inc.


    James Bottomley is CTO of Server Virtualisation at Parallels and Linux Kernel maintainer of the SCSI subsystem, PA-RISC Linux and the 53c700 set of drivers. He has made contributions in the areas of x86 architecture and SMP, filesystems, storage and memory management and coherency. He is currently a Director on the Board of the Linux Foundation and Chair of its Technical Advisory Board. He was born and
    grew up in the United Kingdom. He went to university t Cambridge in 1985 for both his undergraduate and doctoral degrees. He joined AT&T Bell labs in 1995 to work on Distributed Lock Manager technology for clustering. In 1997 he moved to the LifeKeeper High Availability project. In 2000 he helped found SteelEye Technology, Inc as Software Architect and later as Vice President and CTO. He joined Novell in 2008 as a Distinguished Engineer at Novell’s SUSE Labs and arallels in 2011.


Leave a private comment to organizers about this proposal