Rich Freeman on 22 Dec 2015 14:18:13 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Windows 10/UEFI/SecureBoot

On Tue, Dec 22, 2015 at 3:54 PM, Rich Mingin (PLUG) <> wrote:
> I don't care for Secure Boot, I don't think it's something end users will
> implement well, but there's no reason you can't. Setup local signing keys,
> import them, and sign your local trusted Grub/rEFInd/other bootloader. If
> you're wildly independent, sign your distro's kernel binaries and boot them
> directly. Most kernels have efistub support enabled.

That still requires vendor goodwill.  If they don't let you turn off
secure boot there is no guarantee that they'll let you swap out the

However, I think there is another option. Didn't somebody get MS to
sign a bootloader so that it would run with the default keys and be
able to load linux images?  I believe it requires user interaction to
allow a new image to boot, which is how they got around the trust

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --