Secure Boot and OpenBSD
This guide only applies to systems installed and booting in UEFI mode.
This guide applies to amd64 machines, for i386 systems replace "bootx64.efi" with "bootia32.efi"
Follow the advice in this link to install a UEFI system:
It is possible to boot OpenBSD with Secure Boot enabled by using the Linux Foundation's PreLoader & HashTool utilities.
To implement this method, download the PreLoader.efi and HashTool.efi from here:
Then rename the OpenBSD UEFI bootloader to "loader.efi":
# mount /dev/sd0i /mnt # mv /mnt/efi/boot/BOOTX64.EFI /mnt/efi/boot/loader.efi
Then copy over HashTool.efi & PreLoader.efi and rename the latter as the default UEFI loader:
# cp HashTool.efi /mnt/efi/boot # cp PreLoader.efi /mnt/efi/boot/bootx64.efi
When the system starts the PreLoader will detect an unauthorised image (the OpenBSD bootloader) and will offer to start the HashTool so that the loader.efi can be authorised.
Use the menu options in the HashTool to enrol the loader.efi and reboot again.
More information here:
To revert the system, simply copy loader.efi back to bootx64.efi
Note that whenever the base system is upgraded, the bootloader should be copied back:
# mount /dev/sd0i /mnt # cp /usr/mdec/BOOTX64.EFI /mnt/efi/boot/loader.efi
Last edited by Head_on_a_Stick; 14th December 2015 at 10:05 PM. Reason: Added architecture-specific information
|Thread||Thread Starter||Forum||Replies||Last Post|
|OEMs Allowed To Lock Secure Boot In Windows 10 Computers||LeFrettchen||News||12||23rd March 2015 02:48 AM|
|FreeBSD FreeBSD begins process to support secure boot||J65nko||News||0||1st July 2013 07:47 PM|
|Secure Boot complaint filed against Microsoft||J65nko||News||0||26th March 2013 10:30 PM|
|Grub Secure Boot||shep||News||0||2nd December 2012 02:01 AM|
|Windows 8 secure boot would 'exclude' Linux and BSD*||J65nko||News||6||24th September 2011 06:27 PM|