Garrett: A detailed technical description of Shim
[Distributions] Posted Oct 30, 2012 20:22 UTC (Tue) by ris
Matthew Garrett describes
Shim, the first stage bootloader used to support Secure Boot. "handle_image() is the real meat of Shim. First it has to examine the header data in read_header(), copying the relevant bits into a context structure that will be used later. Some basic sanity checks on the binary are also performed here. If we're running in secure mode (ie, Secure Boot is enabled and we haven't been toggled into insecure mode) we then need to verify that the binary matches the signature and hasn't been blacklisted."
Comments (none posted)