Linux as a UEFI bootloader and kexecing Windows

As strange as it first seems, chainloading Windows from a Linux application might be the more secure way to boot the system. The Linux shell scripts can perform a TPM-rooted remote attestation, receive the BitLocker keys from the attestation server, and safely pass them to Microsoft’s bootloader in a UEFI ramdisk via kexec. This specialized Linux also makes an ideal OS install and recovery environment, since it can use the vendor-provided device drivers to talk to the hardware, allowing a generic kernel to work on most devices without customization.

Trammel Hudson