[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
howtos:security:enabling_secure_boot [2015/02/21 18:57 (UTC)] – More tags turtlelihowtos:security:enabling_secure_boot [2015/02/28 14:55 (UTC)] (current) – [Signing EFI Binaries] Add efilinux to list of bootloaders that allow unsigned kernels to run. turtleli
Line 60: Line 60:
  
 ===== Signing EFI Binaries ===== ===== Signing EFI Binaries =====
-My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO and syslinux (and possibly GRUB) will allow unsigned kernels to run (or at least it does on my hardware and VM), which defeats the purpose of Secure Boot. If you do follow my recommendation, make sure you sign your kernel every time you change it.+My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO, efilinux and syslinux (and possibly GRUB but I do not know for sure) will allow unsigned kernels to run (or at least it does on my hardware and VM), which defeats the purpose of Secure Boot. If you do follow my recommendation, make sure you sign your kernel every time you change it.
  
 You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run: You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run:

Trace:

howtos:security:enabling_secure_boot ()