On 19/11/23 18:29, Tim via users wrote:
Jeffrey Walton wrote:
* SecureBoot should be turned off if using tainted kernel drivers. Or,
you can cutover to driver signing. I usually turn off SecureBoot
because I don't like messing around with driver signing. In my case,
it usually is due to VirtualBox, not NVIDIA.
Stephen Morris:
As my system is a tri-boot between Windows 11, Fedora 39 and Ubuntu
22.04, and Windows doesn't seem to work properly with UEFI disabled,
I've gone down the path of signing the nvidia drivers under Fedora and
Ubuntu, using separate passwords as I found using the same password
causes things to not work properly.

UEFI is a hardware interface (simplifying that description quite a lot)
between the PC's hardware, firmware, and the OS before it boots, and
the control screens it gives you for you to configure things.  It's an
update on the similar, but more primitive, thing done with the old
BIOS.

Secure boot is a *separate* thing (though probably only exists on
systems with UEFI).  It's to do with only booting up from signed
binaries (to verify that only authentic things can run, blocking any
fake things that have snuck in).

A problem with Secure Boot is that there are real and genuine things
you may want to use that are not signed (such as some graphics card
drivers).  One solution to that is to sign them yourself, with a
signature that you let things know that *you* trust.

("Signed" in these contexts is to do with cryptographic keys.)

Though again, it could be that Windows won't boot without secure boot
options set, not UEFI being disabled (not that I've seen a motherboard
where you could disable UEFI and go back to BIOS).
The current motherboard I have and the previous one both allow UEFI to be disabled and they also both provide a means to turn off secure boot as well.

regards,
Steve

  That and the TPM
hardware that's touted as being more fantastic than it really is.

As a home user you may feel that this security is kinda pointless, as
no-one else is going to touch your PC and sneak things in.  And
anything nasty that does get in is going to get in by your own
behaviour doing unwise things, for which you're going to ignore and
disable any warnings not to do it.  To that degree, that's true.  And
the same can be said about AntiVirus, SELinux, file permissions and
ownership.  But where such security features can help, is when you
start to do something unwise without realising it, it blocks you, and
you properly investigate the reasons.



--
_______________________________________________
users mailing list -- users@lists.fedoraproject.org