On 02/19/2018 12:13 PM, Stephen Morris wrote:
I thought that with SB all your drivers etc had to be signed to be able to boot from a SecureBoot system, and as such Fedora were using Microsoft certificates, whereas Ubuntu was going down the path of self signing. Given what you said around the /usrlib/grub/x86_64-efi-signed directory, which doesn't exist on my system, and if I understood you correctly doesn't exist in fedora anyway, where are fedora's certificates, and, if I enable SecureBoot in my bios do I have to also load the default certificates that the bios offers?
Each OS has to get their bootloader to be signed by Microsoft's certificate for the BIOS to accept it. It is usually possible to add your own certificate to the BIOS store, but that is a somewhat convoluted process that most users would not want to try going through. Fedora's signed bootloader shim is in the shim-x64 package and the EFI grub executables are in the grub2-efi-x64 package.
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
