Re: [PLUG] Windows 10/UEFI/SecureBoot

Rich Freeman on 22 Dec 2015 14:18:13 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Windows 10/UEFI/SecureBoot

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Windows 10/UEFI/SecureBoot
Date: Tue, 22 Dec 2015 17:18:06 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=FhEC8H2qKnygNgsQDEQCuWAv0SIx0Pk3TH/VMhgoZoE=; b=jgQcyAEOAbQEqYALMmsDJewiWjY8XMo6JpGbE4vDijme0qmp3YWshALbajOc/CZnzY 43Z8j1l7EjPWAeWz0GDuGd5/RvSv9bIP/kwM7YEDm2udavvr0Yie5m9jj6fZGRd0xxeo NSGVolAy9jMdP1dtOaHKrZQph0KdX2sUsSS4aXt7EdK/zelvDwr3iqiu+1Km3wi79mZO rFfqTBs0vUU57MTpBho31Ro7D5z5v81MNtpXAwofEmWHCy1ceJKIWRfk4vbTxZf76q2I 8ufU6nfUNGS3Bgj3AVdPCIOK0+DV8o8V6mEC9sbEYC6qkc+gkt9f9F/CSZeF502/RV/E mpjQ==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Tue, Dec 22, 2015 at 3:54 PM, Rich Mingin (PLUG) <plug@frags.us> wrote:
>
> I don't care for Secure Boot, I don't think it's something end users will
> implement well, but there's no reason you can't. Setup local signing keys,
> import them, and sign your local trusted Grub/rEFInd/other bootloader. If
> you're wildly independent, sign your distro's kernel binaries and boot them
> directly. Most kernels have efistub support enabled.
>

That still requires vendor goodwill.  If they don't let you turn off
secure boot there is no guarantee that they'll let you swap out the
keys.

However, I think there is another option. Didn't somebody get MS to
sign a bootloader so that it would run with the default keys and be
able to load linux images?  I believe it requires user interaction to
allow a new image to boot, which is how they got around the trust
issue.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Windows 10/UEFI/SecureBoot
  - From: brent timothy saner <brent.saner@gmail.com>

References:
- [PLUG] Windows 10/UEFI/SecureBoot
  - From: Chris Norton <chris@nortoninc.info>
- Re: [PLUG] Windows 10/UEFI/SecureBoot
  - From: "Rich Mingin (PLUG)" <plug@frags.us>
- Re: [PLUG] Windows 10/UEFI/SecureBoot
  - From: Chris Norton <chris@nortoninc.info>
- Re: [PLUG] Windows 10/UEFI/SecureBoot
  - From: Steve Litt <slitt@troubleshooters.com>
- Re: [PLUG] Windows 10/UEFI/SecureBoot
  - From: "Rich Mingin (PLUG)" <plug@frags.us>

Prev by Date: [PLUG] ffmpeg slides and cheat sheet
Next by Date: Re: [PLUG] Windows 10/UEFI/SecureBoot
Previous by thread: Re: [PLUG] Windows 10/UEFI/SecureBoot
Next by thread: Re: [PLUG] Windows 10/UEFI/SecureBoot
Index(es):
- Date
- Thread