The Linux story
- Firmware boots a signed shim binary
  - Shim includes key(s)
  - Adds an extra root of trust
  - Also adds Machine Owner Keyring (MOK)
- Further programs signed using that key chain
  - GRUB, fwupd, kernel image, UKI
- Shim: small bootloader with minimal dependencies
  - Small enough to be audited
  - BSD-licenced
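
The trust decisions on this slide, modelled as an added example (not part of the original slides): each stage is accepted only if its signer appears in the trust store of the stage that loads it. Signature checks are reduced to key-identifier lookups with no real cryptography, and the key names, `Image` and `verify_chain` are constructed for illustration; revocation is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed key identifiers; real systems compare X.509 certificates.
FIRMWARE_DB = frozenset({"firmware-db-key"})  # keys the firmware trusts
SHIM_KEYS = frozenset({"distro-key"})         # key(s) included in shim
MOK = frozenset({"owner-key"})                # keys enrolled by the machine owner


@dataclass(frozen=True)
class Image:
    name: str
    signer: Optional[str]  # key id of the signature, None if unsigned


class BootRefused(Exception):
    """Raised at the first stage whose signer is not trusted."""


def verify_chain(shim, stages, firmware_db, shim_keys, mok):
    """Walk the boot chain; return [(image name, trust anchor), ...]."""
    # Step 1: the firmware only knows its own key database.
    if shim.signer not in firmware_db:
        raise BootRefused(f"firmware rejects {shim.name}")
    report = [(shim.name, "firmware db")]
    # Step 2: shim is the extra root of trust for everything after it.
    for image in stages:
        if image.signer in shim_keys:
            anchor = "shim embedded key"
        elif image.signer in mok:
            anchor = "MOK"
        else:
            raise BootRefused(
                f"shim rejects {image.name} (signer: {image.signer})")
        report.append((image.name, anchor))
    return report


if __name__ == "__main__":
    shim = Image("shim", "firmware-db-key")
    stages = [Image("GRUB", "distro-key"),
              Image("kernel image", "owner-key")]  # locally signed kernel
    for name, anchor in verify_chain(shim, stages, FIRMWARE_DB, SHIM_KEYS, MOK):
        print(f"{name}: accepted via {anchor}")
    try:
        # Same kernel on a machine where the owner key was never enrolled.
        verify_chain(shim, stages, FIRMWARE_DB, SHIM_KEYS, frozenset())
    except BootRefused as err:
        print(f"refused: {err}")
```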