On Fri, Dec 19, 2014 at 9:03 PM, Sid S <[email protected]> wrote: > > Anyway, I am kind of surprised people are still having problems with UEFI. > It's necessary to turn SecureBoot off, but otherwise I just got everything to > work. >
I've yet to do an EFI install, but presumably you could either sign the kernel or bootloader and load the key you used into the firmware (which is required to be supported for Microsoft compliance, so if it doesn't work you might consider mentioning it to Microsoft in the hope that they yank the Windows logo from the machine), or you could load an MS-signed shim which I believe exists. The latter is probably preferable as it basically gives you a secondary bootloader which makes the system a bit more flexible, but it still protects you from boot manipulation since the shim requires physical keyboard presence to change the boot config. I wouldn't completely discount secure boot - if you can configure it then it actually can be a powerful tool to give you more control over your own machine, much like a TPM. -- Rich
