Announcement

Collapse
No announcement yet.

Debian 10 "Buster" Working To Have UEFI SecureBoot In Good Shape

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    Debian 10 "Buster" Working To Have UEFI SecureBoot In Good Shape

    Phoronix: Debian 10 "Buster" Working To Have UEFI SecureBoot In Good Shape

    While most major Linux distributions have been supporting UEFI SecureBoot for years already in order to work nicely on modern locked-down (generally Windows pre-loaded) PCs, Debian stable releases have yet to properly support SecureBoot but that should be changing with this year's release of 10.0 Buster...

    Debian 10 "Buster" Working To Have UEFI SecureBoot In Good Shape - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=Debian-10-Testing-Secure-Boot
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
    • Likes 1
  • #2
    Who on earth installs Debian stable on a notebook or otherwise SecureBoot-ed PC?

    Comment

    • #3
      Originally posted by lucrus View Post
      Who on earth installs Debian stable on a notebook or otherwise SecureBoot-ed PC?

      Actually I have Debian stable running on my main gaming system + 2 laptops. The laptops aren't very good at gaming so there's not much need for cutting edge.

      Comment

      • #4
        Is there a way to sign the initramfs? Asking for Arch specifically, but could be anything. Right now, this is one of the only loopholes I have on my work computer's boot process. Someone could replace it and sniff my HDD decryption passphrase, for instance.

        I know I could use the TPM to store a decryption key, but that doesn't address other stuff that could be done with the initramfs.

        Comment

        • #5
          Originally posted by debianxfce View Post
          Secure boot is microsofts idea to prevent run anything else than windows in your PC. Disable it in the Bios and use MBR partitions for easy disk cloning.
          You can do better - sign the entire kernel and boot it directly as an EFI application, see: https://github.com/andreyv/sbupdate

          With that you can have the encryption keys in TPM protected even with PCRs: https://aur.archlinux.org/packages/m...-tpm2-encrypt/
          • Likes 1

          Comment

          • #6
            Originally posted by debianxfce View Post
            use MBR partitions for easy disk cloning.
            GPT works fine with all disk cloning tools, don't post bullshit.
            • Likes 4

            Comment

            • #7
              Originally posted by starshipeleven View Post
              GPT works fine with all disk cloning tools, don't post bullshit.
              Remember, it's debianxfce, so all comments about his posts are waste of time.
              • Likes 1

              Comment

              • #8
                I have a feeling Debian 10 is going to be a great release. Not just because of this.

                Comment

                • #9
                  Originally posted by towo2099 View Post
                  Remember, it's debianxfce, so all comments about his posts are waste of time.
                  It depends from the goal. Convincing debianxfce is a waste of time.

                  But bs has to be called as such, that's the only way others will not eventually believe them as true. This is not a waste of time.

                  Comment

                  • #10
                    Originally posted by starshipeleven View Post
                    GPT works fine with all disk cloning tools, don't post bullshit.
                    Don't post bullshit, be debianxfce. Pick one!

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X