Hi Ulrich,Indeed, secure boot is not supported by Qubes OS 4.3, nor any prior version to my knowledge, mainly because it is not supported by Xen; but also because secure boot is not an amazing system. Quoting the Heads developer:
"What's wrong with UEFI Secure Boot?Can't audit it, signing keys are controlled by vendors, doesn't handle hand off in all cases, depends on possible leaked keys."
If you want an alternative, you have Heads (https://trmm.net/Heads/,https://osresearch.net/) or Anti evil maid (https://doc.qubes-os.org/en/latest/user/security-in-qubes/anti-evil-maid.html#anti-evil-maid-aem).
You may want to check the following:- https://doc.qubes-os.org/en/latest/introduction/faq.html#is-secure-boot-supported - https://forum.qubes-os.org/t/is-it-possible-to-enable-uefi-secure-boot-in-qubes-os/1640
Kindly, Shuos Jedao Encrypt and sign your emails! You can check my PGP keys at https://keys.openpgp.org On 1/8/26 19:09, Ulrich Windl wrote:
I just discovered that Qubes OS 4.3 is not ready for secure boot, and even if I don't have Microsoft's latest certificates installed. Is this expected? Most modern hardware comes with secure boot enabled these days. Kind regards, Ulrich
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/qubes-users/f00ad62b-0752-4120-828d-65c1d35a8c60%40posteo.net.
OpenPGP_0xA401F6578219BBE5.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
