UEFI Boot Sequence
According to the UEFI spec a device will initially start up and look for a particular file based on the architecture of the system:
As we need to bypass the standard boot, we use the jailbreak to hack the process using a supplemental policy, which enables testsignmode.
The CPU will load the boot setup, and then load up UEFI "bios".
UEFI will then load /efi/boot/bootarm.efi (which needs to be signed with a secureboot-key) into ram and pass it control to then load other stuff in turn.
We haven't been able to sign our own stuff yet ( if we could then we could just install uboot and bypass all the pain!).
So.. we use Microsoft's, aka WindowsBootManager (/efi/boot/bootarm.efi) to eventually load our boot tool (i.e. grub2)
Microsoft's bootarm.efi checks for
efi/microsoft/boot/bcd (boot configuration data)
(which then loads our special "jailbreak" policy), then loads a test.efi shim, which finally loads a secondary EFI file - i.e. GRUB2 or uefi shell placed in the root.
/boot.efi
Hardcoded bootloader boots "bootarm.efi"(1: windows bootmanager) Bootmanager loads BCD (2)
Bootmanager loads SecureBootDebug.efi, and the SecureBootDebugPolicy.p7b
Then loads a test.efi (lolhax? shim)
[this can be changed to our own shim, eg https://github.com/imbushuo/boot-shim/releases ]
Which finally loads our boot.efi
+efi
+---microsoft
+------boot
+---------fonts (obvious)
+---------bcd(2)
+---------(automatically generated files)
+---boot
+------bootarm.efi(1)
+unicode.pf2
+test.efi(3)
+grub.cfg
+BOOT.efi
https://wiki.debian.org/UEFI
https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html
https://www.suse.com/media/article/UEFI_on_Top_of_U-Boot.pdf
(although we use GRUB2, the boot process is quite similar, and this is worth a read!)
Last modified 3yr ago