UEFI Secure Boot, Shim and Xen: Current Status and Developments

Daniel Kiper

The UEFI Secure Boot protocol is used to verify the authenticity of a Portable Executable (PE) binary before it is loaded and executed. Usually, this is a second stage bootloader, e.g. GRUB2, or an operating system kernel. Fedora’s Shim and Linux Foundation’s PreLoader are extensions to UEFI Secure Boot which make the authentication process more flexible. This presentation will deal with the most important aspects of UEFI Secure Boot and Shim. Additionally, it will discuss how the Xen hypervisor’s boot process can be protected with UEFI Secure Boot and a Shim binary. The presentation will show what is needed to make UEFI Secure Boot and Shim usable when booting Xen with GRUB2.

🔎 Xen · Boot Integrity
👥 Email



Source Code