On Fri, Jun 5, 2020 at 12:19 PM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote: > > > The *only* case where Secure Boot must be disabled for the proper > > functioning of a PC today is if you use the NVIDIA proprietary > > drivers, because nobody is helping RPM Fusion set up a mechanism to > > sign their driver and load the key into the kernel for trust. > > Most of the "Secure Boot" hardware I've gotten my hands on have been early > generations, up to some produced in 2015. I've had to change the mode to > "deployment" on some HP ProDesk systems in order to get it to install Fedora, > for example. I can't speak for the most recent generations, but I remain > skeptical due to the "lockdown" functionality breaking everything. > > Other times you'd need to do so are when you'd like hibernation support, any > out of tree modules such as ZFS, kexec, hot patching.. That signing kernels is non-obvious and should get better does not mean it is good advice to tell people to disable UEFI Secure Boot. I have used out of tree ZFS in the past with Secure Boot enabled by signing the modules. Please move the non zram discussion to another thread. It's respectful to readers who come to this thread expecting to read about this subject matter. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
