Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Disabling UEFI and dual booting Linux and Windows



On Fri, 07 Dec 2012 17:52:26 -0500
Tom Metro <tmetro+blu at gmail.com> wrote:

> I'm confused.

This is understandable. Prior to this announcement there were at least
four different organizations doing exactly the same thing: Red
Hat, Canonical, SuSE and Linux Foundation. I'll admit to dubiousness
about whatever Linux Foundation claims to have been doing since most of
their spiel has been decrying Secure Boot rather than helping Linux
users utilize it. It would not surprise me to learn that they've been
intentionally Doing It Rong just to show off how 'evil' and 'onerous'
the signing process is.

Garrett's shim builds on SuSE's first stage UEFI boot loader, adding a
user-managed key store to the boot sequence. Put shim into your boot
sequence. Sign your second stage loader with your own key, let shim
store that key in its key store. Welcome to UEFI Secure Boot on any
operating system you like. This is actually better than what I'd
originally described here some months back because it lets you retain a
signed trust chain all the way up the boot sequence.

Put another way, envision GnuPG. That's what shim is: your keys, your
binaries.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org