[ipxe-devel] iPXE support for UEFI Secure Boot
mcb30 at ipxe.org
Mon Dec 11 16:56:50 UTC 2017
On 11/12/17 00:44, Ian Bobbitt wrote:
> It's unlikely that iPXE can, or will ever be able to, have a valid
> Secure Boot signature. iPXE is licensed GPL v2 (or later) .
> Microsoft, who are in charge of Secure Boot signatures, will not sign
> software subject to GPL v3 , because doing so would obligate them to
> publicly disclose their signing keys . Other Open Source projects
> that do have Secure Boot signed loaders use a shim  with another
> license (e.g. GPL v2 only, or a BSD variant) that is compatible with
> signed code.
Microsoft is prepared to sign iPXE provided that various subsystems with
known flaws are excluded. You can exclude the relevant subsystems using
instructions as per
I have previously obtained signed iPXE builds from Microsoft. The
process of obtaining a signed build from Microsoft is tedious and very
manual; this is the only reason that we do not have regular signed releases.
More information about the ipxe-devel