Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
howtos:security:enabling_secure_boot [2015/02/21 18:57 (UTC)]
turtleli More tags
howtos:security:enabling_secure_boot [2015/02/28 14:55 (UTC)] (current)
turtleli [Signing EFI Binaries] Add efilinux to list of bootloaders that allow unsigned kernels to run.
Line 60: Line 60:
  
 ===== Signing EFI Binaries ===== ===== Signing EFI Binaries =====
-My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO and syslinux (and possibly GRUB) will allow unsigned kernels to run (or at least it does on my hardware and VM), which defeats the purpose of Secure Boot. If you do follow my recommendation,​ make sure you sign your kernel every time you change it.+My recommendation (at the time of writing) is that you either use a boot manager with an EFI stub kernel, or directly boot an EFI stub kernel. ELILO, efilinux ​and syslinux (and possibly GRUB but I do not know for sure) will allow unsigned kernels to run (or at least it does on my hardware and VM), which defeats the purpose of Secure Boot. If you do follow my recommendation,​ make sure you sign your kernel every time you change it.
  
 You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run: You will need to sign all EFI binaries, up to, and including your bootloader and/or EFI stub kernel. To sign an binary, run:

In Other Languages
QR Code
QR Code howtos:security:enabling_secure_boot (generated for current page)