On Fri, 2019-03-29 at 16:45 +0100, Paul Gevers wrote: > Package: release-notes > X-Debbugs-CC: debian-boot@lists.debian.org > > As now discussion on the RT sprint, the release notes should probably > say something about the work on secure boot. > > I wouldn't know what to put in, so proposals are welcome. Until that > time, I file this bug to not forget. I don't have a complete proposed text, but I think the key points to include are: * Secure Boot is a feature enabled on most PCs that prevents loading unsigned code, protecting against some kinds of bootkit and rootkit. * Debian can now be installed and run on most PCs with Secure Boot enabled. * It is possible to enable Secure Boot on a system that has an existing Debian installation, if it already boots using UEFI. Before doing this, it's necessary to install shim-signed, grub-efi-amd64-signed or grub-efi-ia32-signed, and a Linux kernel package from buster. * Some features of GRUB and Linux are restricted in Secure Boot mode, to prevent modifications to their code. * More information can be found on the Debian wiki at <https://wiki.debian.org/SecureBoot>. Ben. -- Ben Hutchings It is easier to write an incorrect program than to understand a correct one.
Attachment:
signature.asc
Description: This is a digitally signed message part