Re: Secure boot - Uefi installation

[Joel Rees <joel.rees@gmail.com>]

On Tue, Apr 18, 2017 at 6:30 AM, Karagkiaouris Diamantis
<diamantis.karagkiaouris.dev@gmail.com> wrote:
> Dear All,
>
> How can i install debian with UEFI support? Is there any simple tutorial?

I hate to ask the obvious, but have you searched the web for, say,

    "secure boot shim grub"   ?

And have you looked at

    https://wiki.debian.org/SecureBoot   ?

> Also do i have to disable the secure boot and then proceed with uefi
> installation?
> I have tried but then a message "could not authenticate boot media" emerges
> and the boot stop right there.
> I am new to debian and i don't want to abandon for this silly reason.
>
> Thank you
>

Some other distributions provide you with a distribution-signed shim.
That means the distribution owns the cryptographic rights to remotely
admin your computer. (Cryptographic, not legal, and they eschew the
actual responsibility, of course.)

And you still may have a BIOS that doesn't really follow the UEFI
rules about any keys but the vendor's.

Debian is not doing that. If you want to use UEFI with Debian, you'll
have to make your own shim.

UEFI is only secure if you believe that letting your OS manufacturer
remotely admin your box is secure. Just say, "No."

Turn off secure boot.

And set the BIOS to allow MBR booting.

(That's two BIOS settings for most BIOSes, IIRC. At least, the last
time I did this, I had to do those separately in the BIOS I was
working with.)

-- 
Joel Rees

I'm imagining I'm a computer scientist:
http://defining-computers.blogspot.com/2017/04/model-boot-up-process-description-with.html