[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian installation issue



On Mi, 23 iun 21, 19:43:14, Richard Hector wrote:
> 
> Is that something that needs to be done by one company? Perhaps because of
> how SecureBoot is implemented?
 
For a logistic point of view, at least for x86, Microsoft appears to be 
the natural choice: many mainboard manufacturers, but most hardware will 
end up running Windows anyway[1].

> I'd prefer to be able to add Debian's key either in addition to or instead
> of Microsoft's, which could also be happily installed alongside those of
> Intel, AMD, your favourite government security agency or whoever. And Debian
> can get theirs signed by whichever of those they might think is appropriate.
> But I want to be able to reduce that list to just Debian's, or just the
> EFF's, or mine. Whatever combination I choose.

In my limited understanding and experience with Secure Boot it's mostly 
up to the mainboard manufacturer.

As far as I can tell for the ASRock board here it's possible to provide 
a machine owner key, possibly also to revoke all other keys. Even if it 
does work, I'm pretty sure 99% of home users don't actually care about 
any of this.

[1] Yes, I'm aware there are lots of x86 Chromebooks, but those are 
special purpose hardware, and even there it might make sense to include 
Microsoft's key, just in case someone wants to attempt installing 
Windows on the limited storage available :D

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser

Attachment: signature.asc
Description: PGP signature


Reply to: