Hi, JD0x: > First off, I’d like to give big thanks to the Tails maintainers and > community.. truly > an amazing distribution.
Thanks! :) > I’ve lurked and used the OS for some time now and I would > like to inquire on the current status of UEFI secure boot with Tails. Working > in > security space I get people ask me what to use for privacy & privacy, however, > I believe UEFI Secure Boot is a big pain point for adoption as disabling > Secure Boot > in BIOS is difficult for the average person. Fully agreed. Next step is to implement https://labs.riseup.net/code/issues/15292 which is the first blocker (if we don't support Secure Boot for all USB installation methods we support the UX stumbling block remains for initial installation). We have submitted a grant proposal that, if accepted, will allow us to make #15292 happen by the end of the year. Once this is done adding support for Secure Boot should be doable. > Am willing to contribute time if it would help get this fixed. This would be amazing! Indeed, last time I checked, GRUB2 + Shim seemed to be the way to go. This won't give fully verified boot until Debian's Linux kernel is signed but that'll at least address the UX problem. Suggestions if you want to start working on this before #15292 is done: - https://tails.boum.org/contribute/how/code/ - update the blueprint to include this update - look into replacing isolinux/syslinux for all installation methods (starting point: https://labs.riseup.net/code/issues/12440) - check the status of GRUB2 + Shim in Debian - look at how other live distros handle this problem Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list Tailsfirstname.lastname@example.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.