On Fri, Jun 5, 2020 at 12:09 PM John M. Harris Jr <johnmh(a)splentity.com> wrote:
> Most laptops today have UEFI Secure Boot enabled by default and
> therefore hibernation isn't possible. And even when the laptop doesn't
> have Secure Boot enabled, there's a forest of bugs. It works for some
> people and not others. It was working for me on one laptop in
> February, consistently doesn't work now and I haven't gotten a reply
> yet from upstream about the problem.
It may be true that most laptops have "Secure Boot" enabled, but not those
running Fedora. We don't have numbers to support that claim, and most devices
require "Secure Boot" to be disabled, or to have the mode changed so that it
accepts new keys, to install Fedora.
Most systems that have UEFI Secure Boot enabled include Microsoft's
signing key. Fedora's shim is signed by Microsoft's signing key. And
shim contains Fedora's signing key, so that it can verify GRUB and the
kernel, both of which are signed by Fedora. It's been this way for ~8
years.
--
Chris Murphy