[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Install Guide vs. Secure Boot

Hi Lou!

On Fri, Jan 29, 2021 at 03:54:16PM -0700, Lou Poppler wrote:
>Hopefully this is already changed in the Bullseye install guide, but if not, I
>don't think I will learn how to make edits before Bullseye releases.
>The Buster install guide says in Section 3.6.3 
>   Another UEFI-related topic is the so-called “secure boot”
>   mechanism.  Secure boot means a function of UEFI implementations that
>   allows the firmware to only load and execute code that is
>   cryptographically signed with certain keys and thereby blocking any
>   (potentially malicious) boot code that is unsigned or signed with
>   unknown keys.  In practice the only key accepted by default on most
>   UEFI systems with secure boot is a key from Microsoft used for signing
>   the Windows bootloader.  As the boot code used by debian-installer is not 
>   signed by Microsoft, booting the installer requires prior deactivation of
>   secure boot in case it is enabled.
>My test on a recent weekly-build testing netinst seems to show that the above is
>no longer correct -- it booted fine for me in UEFI/SecureBoot mode.  I thought I
>remembered reading (somewhere) that all recent debian installers (and live
>systems??) can boot in legacy BIOS mode or UEFI mode with or without secure

Ah, good catch. I'm checking on this now...

Steve McIntyre, Cambridge, UK.                                steve@einval.com
"Since phone messaging became popular, the young generation has lost the
 ability to read or write anything that is longer than one hundred and sixty
 characters."  -- Ignatios Souvatzis

Reply to: