[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
howtos:security:enabling_secure_boot [2015/02/21 18:36 (UTC)] – [Sources] Add author tag turtlelihowtos:security:enabling_secure_boot [2015/02/28 14:55 (UTC)] (current) – [Signing EFI Binaries] Add efilinux to list of bootloaders that allow unsigned kernels to run. turtleli
Line 60: Line 60:
  
 ===== Signing EFI Binaries ===== ===== Signing EFI Binaries =====
-My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO and syslinux (and possibly GRUB) will allow unsigned kernels to run (or at least it does on my hardware and VM), which defeats the purpose of Secure Boot. If you do follow my recommendation, make sure you sign your kernel every time you change it.+My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO, efilinux and syslinux (and possibly GRUB but I do not know for sure) will allow unsigned kernels to run (or at least it does on my hardware and VM), which defeats the purpose of Secure Boot. If you do follow my recommendation, make sure you sign your kernel every time you change it.
  
 You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run: You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run:
Line 106: Line 106:
 <!-- Please do not modify anything below, except adding new tags.--> <!-- Please do not modify anything below, except adding new tags.-->
 <!-- You must remove the tag-word "template" below before saving your new page --> <!-- You must remove the tag-word "template" below before saving your new page -->
-{{tag>security secure_boot uefi author_turtleli}}+{{tag>howtos security secure_boot uefi author_turtleli}}
 howtos:security:enabling_secure_boot ()