Announcement

Collapse
No announcement yet.

memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI

    Phoronix: memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI

    Last October marked the release of memtest86+ 6.0 as the first major update to this bootable, open-source RAM testing software in nearly a decade. The memtest86+ 6.0 release marked a rewrite of the software while out today is the first update to that widely-used RAM testing software...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    So, will be possible to run the test with secure boot enabled.
    Last edited by MorrisS.; 04 February 2023, 04:42 PM.

    Comment


    • #3
      Exactly, when the binary is signed (by an OS distro, or the user) using a key whose corresponding validation key is part of the target computer's MOK.

      Comment


      • #4
        Random question: Do developers need to go through Microsoft to make their distros compatible with Secure Boot?

        Comment


        • #5
          Interesting. I already use self-signed secure boot with my Arch installs, so I just ran the same command to sign memtest:
          Code:
          sbsign --key db.key --cert db.crt --output memtest64-6.10.efi memtest.efi
          I then copied it to my boot partition and added it into my EFI boot menu:
          Code:
          efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "memtest64+ 6.10" --loader \memtest64-6.10.efi
          Rebooted and it works like a charm. Though I currently use a different set of secure boot keys for each of my computers. It would probably make more sense to standardize on one set of keys.

          Originally posted by antnythr View Post
          Random question: Do developers need to go through Microsoft to make their distros compatible with Secure Boot?
          Motherboards ship with the Windows secure boot keys, which is why distributions like Ubuntu go through Microsoft to make things easy. Otherwise you need to create your own keys that you will use to self-sign and import them into the EFI. I don't think memtest is using the Microsoft keys so you will need to self-sign it.

          Comment


          • #6
            Originally posted by antnythr View Post
            Random question: Do developers need to go through Microsoft to make their distros compatible with Secure Boot?
            Yes and no. If you want to use the Microsft Keys, you have to go through Microsft, but you can always make and sign with you own keys

            Comment


            • #7
              There's another memtest-86 tool which has been working with Secure Boot for over a year now.

              Comment


              • #8
                Originally posted by openminded View Post
                There's another memtest-86 tool which has been working with Secure Boot for over a year now.
                If you're talking about Memtest86 (without the plus), that's not open source and is signed with the Microsoft secure boot key.

                Comment


                • #9
                  Originally posted by Chugworth View Post
                  Interesting. I already use self-signed secure boot with my Arch installs, so I just ran the same command to sign memtest:
                  Code:
                  sbsign --key db.key --cert db.crt --output memtest64-6.10.efi memtest.efi
                  I then copied it to my boot partition and added it into my EFI boot menu:
                  Code:
                  efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "memtest64+ 6.10" --loader \memtest64-6.10.efi
                  Rebooted and it works like a charm. Though I currently use a different set of secure boot keys for each of my computers. It would probably make more sense to standardize on one set of keys.
                  Good to know. Public comments mentioned that beta-testing on hundreds of motherboard models had produced excellent results, which does not mean that no UEFI implementation can ever possibly reject the binary, but indicates that the number of failures isn't expected to be significant.

                  Originally posted by Chugworth View Post
                  Motherboards ship with the Windows secure boot keys, which is why distributions like Ubuntu go through Microsoft to make things easy. Otherwise you need to create your own keys that you will use to self-sign and import them into the EFI. I don't think memtest is using the Microsoft keys so you will need to self-sign it.
                  Right, release binaries for memtest86+ are not (yet ?) signed with Microsoft's key. Per https://github.com/memtest86plus/mem...iscussions/253 , the 6.10 release was cut now, so as to raise the probability than Debian 12 onwards, and other distros released starting from 2023, can integrate an official release with Secure Boot capability.

                  Originally posted by Chugworth View Post
                  If you're talking about Memtest86 (without the plus), that's not open source and is signed with the Microsoft secure boot key.

                  Indeed. Passmark's proprietary, commercial memory tester (whose no-cost version has a number of limitations, e.g. only 16 cores supported, which remains enough for most consumer PCs but is increasingly inadequate in the HEDT and server range) has supported Secure Boot and been signed with Microsoft's key for years​.​​
                  Last edited by debrouxl; 04 February 2023, 04:37 AM.

                  Comment


                  • #10
                    Great news! Using it now, v6.10. Works beautifully.
                    I wonder if it will support detection of ECC corrections?

                    Comment

                    Working...
                    X