brent timothy saner on 22 Dec 2015 18:07:34 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Windows 10/UEFI/SecureBoot

Hash: SHA512

On 12/22/2015 08:56 PM, Steve Litt wrote:
> On Tue, 22 Dec 2015 17:23:40 -0500
> The preceding links were exactly my point. Look at those links. Really
> read them. Look at what's involved, remembering that it's possible to
> permanently brick a machine by writing the wrong stuff to the UEFI.
> Especially view , and note that
> although the the instructions are fairly long, they leave many points
> for ambiguity.

it wasn't a process intended to be end-user interfered. poor design, if
anything. idea was good, but implementation was pretty bad. not that i'd
have expected anything different from MS, honestly.

> Has anyone on this list actually used any of these on a non Redhat, non
> SuSE, non Debian non Ubuntu machine? How long did it take you? What
> missteps and misunderstandings did you encounter?

- -yes, on Arch.
- -all of 30 minutes, including research.
- -literally none, i was confused at how easy it was- i had to restore it
to the default keyset and do it again just to confirm. but if you hate
reading and just want a button to press, well, i wouldn't expect one to
want to go through with it. these people, however, tend to also be the
same people using RHEL/CentOS, Debian, SuSE, or Ubuntu.

> Most of these docs are Redhat-centric. Well, if I wanted Redhat, that
> already has a cert built in. System Rescue CD, not so much.

The Arch ISO has secureboot enabled, as mentioned. One can even use the
ArchISO project ( to roll
their own. And it hasn't been updated in a while so I probably need to
review, but my own project (
should as well- really, all you need is your keys on something like a
USB storage device formatted as fat32 and a UEFI shell from what I recall.

> Until all this gets ironed out (possibly by the Justice Department,
> because this makes Microsoft's monopolistic shenanigans of the late
> 20th century look tame), I'll find sources that will let me return
> something if it's impossible to turn off secure boot. Either that, or
> I'll stick to used machines that I can boot System Rescue CD on.
> SteveT

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --