On 20/2/18 7:43 pm, Samuel Sieb wrote:
On 02/19/2018 12:13 PM, Stephen Morris wrote:
I thought that with SB all your drivers etc had to be signed to be
able to boot from a SecureBoot system, and as such Fedora were using
Microsoft certificates, whereas Ubuntu was going down the path of
self signing. Given what you said around the
/usrlib/grub/x86_64-efi-signed directory, which doesn't exist on my
system, and if I understood you correctly doesn't exist in fedora
anyway, where are fedora's certificates, and, if I enable SecureBoot
in my bios do I have to also load the default certificates that the
bios offers?
Each OS has to get their bootloader to be signed by Microsoft's
certificate for the BIOS to accept it. It is usually possible to add
your own certificate to the BIOS store, but that is a somewhat
convoluted process that most users would not want to try going
through. Fedora's signed bootloader shim is in the shim-x64 package
and the EFI grub executables are in the grub2-efi-x64 package.
Those packages are installed on my system even though, as far as I'm
aware I have never had efi active, and I have never used a motherboard
that had SecureBoot enabled. I did not explicitly install those packages
and my assumption is they were installed with the F27 upgrade, but I can
verify whether they were installed in F26 or not.
regards,
Steve
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
