[09:12] <MeanderingCode> hello all.  i'm wondering: is there such thing as a bootable image for armv7 (tegra 3) with a "secure boot" signed bootloader?
[09:12] <MeanderingCode> because, well, that would make my day
[09:12] <MeanderingCode> or my month :)
[11:39] <both> Are there any ARM beginners here?
[20:31] <MeanderingCode> anyone up for my previous question?
[21:16] <k1l_> MeanderingCode: best is to ask the community around that device to get to know what to do
[21:27] <MeanderingCode> k1l_: there is no community around the device :)
[21:28] <k1l_> MeanderingCode: its not like on the desktop where we have one .iso and generic drivers for all sort of hardware.
[21:29] <MeanderingCode> k1l_: i've been gathering that, from reading yesterday.  but, there must be a bootloader, yes?
[21:29] <MeanderingCode> and with it, one could make a bootable USB
[21:30] <MeanderingCode> *bootloader, or this "Shim" thing i've read about w/ secure boot signed x86 bootloaders
[21:31] <k1l_> so you got a locked bootloader on that device?
[21:32] <MeanderingCode> it's a surface rt, tegra 3 processor...the UEFI is locked to secure boot.  it will boot from USB, but it would have to be a signed bootloader for the uefi secure boot to load any code
[21:33] <MeanderingCode> *and i know no one is working on it, and no one cares, and it's considered a dead end/lost cause, but i have inherited one and (if there is a signed shim or bootloader for armv7), there is really no reason it couldn't run linux for arm
[21:34] <k1l_> iirc the microsoft tablets are locked bootloaders and you cant sign a kernel because you dont get the microsoft key
[21:35] <k1l_> see http://forum.xda-developers.com/showthread.php?t=2655398
[21:41] <MeanderingCode> k1l_: yes, i've read that.  essentially (before it spun off into exploit and bootstrapping), one person said they thought they recalled that there were no signed bootloaders/kernels for linux on arm.  there is on x86, and that's one of the 2 or 3 unauthoritative places i've seen that statement made, which is why i thought i'd ask here about secure boot signed arm bootloaders/shim
[21:42] <k1l_> MeanderingCode: secureboot on pc (x86) is a total other business than arm for microsoft.
[21:42] <k1l_> on arm its locked by default
[21:43] <MeanderingCode> i realize that.
[21:43] <k1l_> so it will not help that its different on x86 as long as there are no keys for arm.
[21:43] <MeanderingCode> are you saying that you know there are no signed linux bootloaders for arm, or that it is different
[21:43] <MeanderingCode> because i already know that it is different
[21:43] <k1l_> which microsoft made because to save their business for arm.
[21:44] <k1l_> microsoft demands locked bootloaders if the device ships microsoft windows.
[21:44] <k1l_> (on arm)
[21:49] <k1l_> MeanderingCode: the setup on most arm is: hardcoded bootloader which either boots only signed kernels or could be opened to boot even unsigned kernels. for microsoft shiping devices microsoft demands to only boot microsoft signed kernels.
[21:50] <k1l_> i am not aware of a method to evade that hardcoded bootloaders. even on devices that ship android (linux kernel) they could not break that but used other methods like kexec to boot another unsigned kernel after the original signed kernel was booted. but i am not aware that works with microsoft.
[21:51] <k1l_> that is why you should ask the surface community, because they will know best on the specific setup of that device.
[22:12] <MeanderingCode> k1l_: thanks for all the insight.  maybe i'll dig futher to see if anyone's done it, or maybe i'll just give it to my kids to play games when out and about :)