[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
howtos:security:enabling_secure_boot [2015/02/21 18:36 (UTC)] – [Sources] Add author tag turtleli | howtos:security:enabling_secure_boot [2015/02/28 14:55 (UTC)] (current) – [Signing EFI Binaries] Add efilinux to list of bootloaders that allow unsigned kernels to run. turtleli | ||
---|---|---|---|
Line 60: | Line 60: | ||
===== Signing EFI Binaries ===== | ===== Signing EFI Binaries ===== | ||
- | My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO and syslinux (and possibly GRUB) will allow unsigned kernels to run (or at least it does on my hardware and VM), which defeats the purpose of Secure Boot. If you do follow my recommendation, | + | My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO, efilinux |
You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run: | You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run: | ||
Line 106: | Line 106: | ||
<!-- Please do not modify anything below, except adding new tags.--> | <!-- Please do not modify anything below, except adding new tags.--> | ||
<!-- You must remove the tag-word " | <!-- You must remove the tag-word " | ||
- | {{tag> | + | {{tag>howtos |