Originally posted by debianxfce
View Post
Announcement
Collapse
No announcement yet.
Debian 9.0 "Stretch" Might Not Have UEFI Secure Boot Support
Collapse
X
-
Originally posted by stikonas View Post
On the contrary, it is quite useful. On my laptop I have full disk encryption, so /root and /boot are in one big LUKS volume. only 1 MiB partition in front is unencrypted and it contains a single file, grubx64.efi signed by my own secure boot key which is the only thing that Secure Boot allows to boot here. So evil made attack becomes impractical. You can't replace my signed bootloader with something else.
Comment
-
To me Secure Boot is just a means introduced my MS to hamper installation of alternate operating systems (Linux, BSD, older Windows versions, whatever). Moreover UEFI is a large, bloated mess.
Originally posted by hax0r View PostIt is nice to have a firmware that can understand FAT32 natively
And why should a FW-located boot option menu be so much better than e.g. a GRUB? Especially since you have to be able to read data on partition and file system level then. And that means you need more code in the FW - and are forced to use that very FS on your boot partition. Furthermore having VFAT capabilities anywhere might tempt MS to sue you for license payments for their ancient crutches-of-an-FS-with-added-crutches patents related to VFAT. (Iirc. TomTom was stupid enough to pay...)
Besides, can you update your FW's bootloader as easily as writing to a HDD/SSD? (No, you can't. Especially when you do not have means to get access to the very flash chip.)
Stop TCPA, stupid software patents and corrupt politicians!
- Likes 3
Comment
-
Originally posted by Kohrias View PostNo loss at all. "Secure" boot is an anti-feature anyway.
- Likes 1
Comment
-
Originally posted by Vistaus View PostLolwut? If one can't disable Secure Boot, then single-booting Debian 9.0 isn't going to work either.
Because Debian Testing + XFCE is that awesome.
/sarcasm
- Likes 1
Comment
-
I had to disable those "security" features at the BIOS, otherwise, DKMS kernel modules does not work.
I think that it also include this "security boot" mode.
This "security" is crap, I always use just regular, old school, "BIOS boot".
I use LUKS encryption anyway...
Comment
-
Originally posted by ThiagoCMC View PostI had to disable those "security" features at the BIOS, otherwise, DKMS kernel modules does not work.
I think that it also include this "security boot" mode.
Comment
-
Originally posted by starshipeleven View PostYes, correct. Kernel modules (just as kernel/bootloader/shim) need to be signed if you use SecureBoot, so stuff out of tree or proprietary drivers might not work.
Comment
Comment