Gregory's Server@marcan Would it be possible to directly boot a kernel from m1n1, or even include the kernel image in m1n1? If Qubes OS ever gets Apple silicon support, I want to keep the secure boot chain as short as possible. Ideally, it would be no longer than Apple’s chain.
|
2 comments
joey
@alwayscurious yes you can do that. u-boot is embedded in the m1n1 binary currently (on the ESP), but it's not treated specially and you can just replace it with a Linux image |
@marcan Also, would it be possible to disable USB until the OS is running? That’s also something Qubes OS needs, as we isolate the USB stack in a VM for security. Outside of Qubes OS, it would allow USBGuard to be used.