Rich Mingin (PLUG) on 22 Dec 2015 12:54:23 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Windows 10/UEFI/SecureBoot


In that case, I'd humbly suggest you come to my UEFI talk. I'll be going over the broad strokes of how to setup Secure Boot so that you run the signing authority, not Other People out there somewhere.

I don't care for Secure Boot, I don't think it's something end users will implement well, but there's no reason you can't. Setup local signing keys, import them, and sign your local trusted Grub/rEFInd/other bootloader. If you're wildly independent, sign your distro's kernel binaries and boot them directly. Most kernels have efistub support enabled.

On Tue, Dec 22, 2015 at 3:20 PM, Steve Litt <slitt@troubleshooters.com> wrote:
> > On Tue, Dec 22, 2015 at 11:33 AM, Chris Norton
> > <chris@nortoninc.info> wrote:
> >
> >> Talking with someone today, he mentioned that a laptop he had with
> >> Win 10 prevented his computer from booting from a flash drive to
> >> dual boot.
> >>
> >> When I questioned him about it, he said that SecureBoot toggle is
> >> disabled when WIn 10 is installed. I personally am not willing to
> >> "upgrade" to Win 10 to test this out, but I'd love to have some
> >> proof that this guy is wrong.

> On Tue, Dec 22, 2015 at 11:44 AM, Rich Mingin (PLUG) <plug@frags.us>
> wrote:
>
> > Windows 10 install does not enable nor disable Secure Boot. That's
> > not something an OS can change for you, it requires user
> > interaction, by design.

On Tue, 22 Dec 2015 11:46:57 -0500
Chris Norton <chris@nortoninc.info> wrote:

> Rich,
>
> Of course it doesn't. I'm wondering if this particular person just
> doesn't know how to disable SecureBoot.
>
> I might just send him the directions you sent for dual boot and see
> what he says.
>

Windows 8 certification required secure boot, but it required a secure
boot that could be disabled. Windows 10 certification requires secure
boot, and is mute on whether or not it should be disableable. So when
you see a computer saying "Windows 10 authorized" or whatever, there's
no guarantee that you can disable the secure boot.

For those of us who use lesser known distros, this is a big problem.

SteveT
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug