On Mon, Jul 27, 2020 at 01:57:02PM -0400, D. Hugh Redelmeier via talk wrote: > Secure Boot: > > Microsoft requires PC hardware to be shipped with Secure Boot enabled. I > think that they also require that it be possible to disable it (but only > manually, not by program). > > Secure boot requires that there be a cryptographically authenticated > unbroken chain of things that lead to loading the OS. Authentication of > things loaded by the UEFI amounts to being signed by a key for which the > firmware knows the public key. > > The only public key most UEFI firmware knows is controlled by > Microsoft. Red Hat has arranged for Microsoft to sign a loader that > will then load other things: shim.efi. Red Hat made this available to > any other Linux Distro, I think. > > Some other Linux systems have adopted this. For example, UBUNTU and SuSE. > I don't know if your distro has. > > Suggestion: disable secure boot and continue your experiments. I know you > said that you cannot find the setting, but it must be there somewhere in > the firmware setup screen. > > Odd: googling seems to suggest that the only way to turn off SB on Asus > boards is to delete the PK key. If you are going to do this, please save > the key first in case you need to restore it.
No need. There is a load default keys option to restore the microsoft keys. -- Len Sorensen --- Post to this mailing list [email protected] Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
