From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mats Petersson Subject: Re: Xen.efi and secure boot Date: Fri, 30 Nov 2012 10:58:05 +0000 Message-ID: <50B8913D.40100@citrix.com> References: <50B63CCC02000078000AC34E@nat28.tlf.novell.com> <50B8981802000078000ACCFE@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 30/11/12 10:42, George Dunlap wrote: > On Fri, Nov 30, 2012 at 10:27 AM, Jan Beulich > wrote: > > So I learned a little more meanwhile - it's not that trivial: I'm told > the shim uses UEFI services to do the verification, and those > services only handle PE images. But we obviously can't reasonably > expect the Dom0 kernel to be packaged as PE image, as that > would then be unusable as DomU kernel (on older hosts at least, > i.e. even if we added a PE loader to libxc). > > > Sorry for the n00b question, but what's a PE image in this context? I think this refers to the Microsoft PE (portable executable) file format - that is, the file should be like a .EXE or .DLL on windows. I wish I thought I was wrong here, but I'm afraid that MS solutions are rather popular in some camps... Further searching seems to confirm that PE is indeed "standard format" for EFI. http://en.wikipedia.org/wiki/Portable_Executable -- Mats > > -George >