| brent timothy saner on 22 Dec 2015 18:07:34 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Windows 10/UEFI/SecureBoot |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 12/22/2015 08:56 PM, Steve Litt wrote: > On Tue, 22 Dec 2015 17:23:40 -0500 > The preceding links were exactly my point. Look at those links. Really > read them. Look at what's involved, remembering that it's possible to > permanently brick a machine by writing the wrong stuff to the UEFI. > Especially view https://mjg59.dreamwidth.org/20303.html , and note that > although the the instructions are fairly long, they leave many points > for ambiguity. > it wasn't a process intended to be end-user interfered. poor design, if anything. idea was good, but implementation was pretty bad. not that i'd have expected anything different from MS, honestly. > Has anyone on this list actually used any of these on a non Redhat, non > SuSE, non Debian non Ubuntu machine? How long did it take you? What > missteps and misunderstandings did you encounter? > - -yes, on Arch. - -all of 30 minutes, including research. - -literally none, i was confused at how easy it was- i had to restore it to the default keyset and do it again just to confirm. but if you hate reading and just want a button to press, well, i wouldn't expect one to want to go through with it. these people, however, tend to also be the same people using RHEL/CentOS, Debian, SuSE, or Ubuntu. > Most of these docs are Redhat-centric. Well, if I wanted Redhat, that > already has a cert built in. System Rescue CD, not so much. The Arch ISO has secureboot enabled, as mentioned. One can even use the ArchISO project (https://wiki.archlinux.org/index.php/Archiso) to roll their own. And it hasn't been updated in a while so I probably need to review, but my own project (https://bdisk.square-r00t.net/git/BDisk/) should as well- really, all you need is your keys on something like a USB storage device formatted as fat32 and a UEFI shell from what I recall. > Until all this gets ironed out (possibly by the Justice Department, > because this makes Microsoft's monopolistic shenanigans of the late > 20th century look tame), I'll find sources that will let me return > something if it's impossible to turn off secure boot. Either that, or > I'll stick to used machines that I can boot System Rescue CD on. > > SteveT ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug