Re: Install Guide vs. Secure Boot
Hi Lou!
On Fri, Jan 29, 2021 at 03:54:16PM -0700, Lou Poppler wrote:
>Hopefully this is already changed in the Bullseye install guide, but if not, I
>don't think I will learn how to make edits before Bullseye releases.
>
>The Buster install guide says in Section 3.6.3
>https://www.debian.org/releases/stable/amd64/ch03s06.en.html#UEFI
>
> Another UEFI-related topic is the so-called “secure boot”
> mechanism. Secure boot means a function of UEFI implementations that
> allows the firmware to only load and execute code that is
> cryptographically signed with certain keys and thereby blocking any
> (potentially malicious) boot code that is unsigned or signed with
> unknown keys. In practice the only key accepted by default on most
> UEFI systems with secure boot is a key from Microsoft used for signing
> the Windows bootloader. As the boot code used by debian-installer is not
> signed by Microsoft, booting the installer requires prior deactivation of
> secure boot in case it is enabled.
>
>My test on a recent weekly-build testing netinst seems to show that the above is
>no longer correct -- it booted fine for me in UEFI/SecureBoot mode. I thought I
>remembered reading (somewhere) that all recent debian installers (and live
>systems??) can boot in legacy BIOS mode or UEFI mode with or without secure
>boot.
Ah, good catch. I'm checking on this now...
--
Steve McIntyre, Cambridge, UK. steve@einval.com
"Since phone messaging became popular, the young generation has lost the
ability to read or write anything that is longer than one hundred and sixty
characters." -- Ignatios Souvatzis
Reply to: