[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Signature verification in GRUB
From: |
Chris Murphy |
Subject: |
Re: Signature verification in GRUB |
Date: |
Tue, 9 Oct 2012 18:32:49 -0600 |
Google
"secure boot" site:mjg59.dreamwidth.org
Basically Fedora 18 will be the first Fedora to support UEFI Secure Boot. They
are moving to a shim bootloader before GRUB2 because GRUB2 is GPLv3 licensed,
which requires making signing keys available (Installation Method requirement)
so users can still make their own modifications and boot the system with those
modifications.
The way I understand it is Fedora will use their own shim signed with the
Microsoft key, then have the shim load GRUB2. So everything has to be signed or
the adventure is pointless.
Another strategy is what SUSE is doing, which is a bit different, and worth
looking into as well. This most recent post may be most applicable but sorta
depends on understanding the background:
http://mjg59.dreamwidth.org/17542.html
Chris Murphy