There's a bug in shim that prevents it from loading a Linux kernel; it's a bit too strict in its checks for relocation information. The Linux kernel lacks EFI stub relocation information but loads just fine if the bulk of the relocation function is skipped. (This is what an actual EFI implementation does if the kernel is signed with a regular Secure Boot key.) Also, any post-shim boot manager that uses standard EFI calls to launch a boot loader must call back to shim and jump through some extra hoops, since the standard EFI calls don't "talk" to shim themselves. AFAIK, gummiboot doesn't yet do this. My own rEFInd (http://www.rodsbooks.com/refind/) does, as of version 0.5.0.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
Date: 2012-12-10 02:59 am (UTC)