On Sat, Aug 29, 2015 at 5:20 AM, Paul Cartwright pbcartwright@gmail.com wrote:
On 08/29/2015 01:25 AM, Chris Murphy wrote:
Then it is necessary to deactivate the Secureboot. This tool was implemented in Windows 8 with the new UEFI Bios, as a safety mechanism to prevent malicious software from booting in your PC, as well as “non authorized” operating systems.
Therefore, this tool will block any operating system from starting, besides Windows 8. So it must be deactivated.
In order to do that, it’s necessary to access your computer Bios, search for the option “Secureboot” and change it to “Disabled”.
The only correct part is "prevent malicious software from booting" otherwise everything else is somewhere between misleading and junk. Fedora has supported Secure Boot for almost three years.
that may be true, but however I got my fedora installed on this UEFI box is the way I am leaving it.. I am pretty sure I have secure boot turned off. it works, and I go with the KISS method, it works, I'm leaving it alone:)
UEFI Secure Boot implementation in Windows, Fedora, and openSUSE (and presumably Ubuntu, I don't recall testing it) is as simple as it gets. It's not so easy to understand but it's also not really necessary to understand it unless you're rolling your own kernels, and then you have to learn how to sign or hash your kernels and get shim to accept your cert or hashes.
The one consequence of enabling Secure Boot is the GRUB menu entry for Windows will not work. And although I haven't tried this, I actually suspect that the os-prober menu entries for other OS's won't work either because, e.g. the Fedora GRUB contains the key to verify Fedora kernels, but not Ubuntu. And vice versa.