User: Password:
Subscribe / Log in / New account

Preparing the kernel for UEFI secure boot

Preparing the kernel for UEFI secure boot

Posted Sep 7, 2012 9:00 UTC (Fri) by etienne (guest, #25256)
In reply to: Preparing the kernel for UEFI secure boot by rvfh
Parent article: Preparing the kernel for UEFI secure boot

IHMO if you cannot disable 'secure' boot in the beginning you will not be able to install Linux anyway, because you will not be able to boot the DVD containing the distribution (that would be an unverifiable/unsecured boot and no way to check El-Torito bootloader/kernel combined security); same for network booting (start/authorise the booting before receiving the kernel so no way to check it).
For sure you may be able to disable 'secure' boot using a PS2 keyboard (the USB stack will not be completely initialised in time for you to press the magic key on your USB keyboard), once you have guessed which magic key combination to press (displaying that key combination on the screen would not be secure). Unfortunately the PC motherboard manufacturer will remove the PS2 keyboard plug to save money, did you kept your soldering iron?
Moreover, removing/untrusting root means that there is no more any way to debug/repair bad stuff happening, a failing hard disk, a signed but buggy driver on your hardware, a corrupted UEFI FLASH / bad UEFI FLASH checksum, a video card exchanged by the same one but with a different BIOS...

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds