Re: [PATCH 1/1] OvmfPkg IA32: add support for loading X64 Linux images


Laszlo Ersek
 

On 02/14/20 16:05, Ard Biesheuvel wrote:
On Fri, 14 Feb 2020 at 15:45, Laszlo Ersek <lersek@redhat.com> wrote:
(5) Can you please explain how EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL
relates to Secure Boot and/or Trusted Boot?

(5a) Is the ".compat" section included in the image hashing?
Yes.

(5b) Does the DXE core subject such non-native images to verification /
measurement at all? (Sorry I didn't follow your original work on
EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL.)
Yes. They are treated entirely like ordinary images, with all the
policy checks regarding authentication and measurement.
[...]

Thank you!
Laszlo

Join devel@edk2.groups.io to automatically receive all group messages.