Rich Freeman on 22 Dec 2015 14:18:13 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Windows 10/UEFI/SecureBoot


On Tue, Dec 22, 2015 at 3:54 PM, Rich Mingin (PLUG) <plug@frags.us> wrote:
>
> I don't care for Secure Boot, I don't think it's something end users will
> implement well, but there's no reason you can't. Setup local signing keys,
> import them, and sign your local trusted Grub/rEFInd/other bootloader. If
> you're wildly independent, sign your distro's kernel binaries and boot them
> directly. Most kernels have efistub support enabled.
>

That still requires vendor goodwill.  If they don't let you turn off
secure boot there is no guarantee that they'll let you swap out the
keys.

However, I think there is another option. Didn't somebody get MS to
sign a bootloader so that it would run with the default keys and be
able to load linux images?  I believe it requires user interaction to
allow a new image to boot, which is how they got around the trust
issue.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug