Announcement

Collapse
No announcement yet.

memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • debrouxl
    replied
    Originally posted by Chugworth View Post
    Interesting. I already use self-signed secure boot with my Arch installs, so I just ran the same command to sign memtest:
    Code:
    sbsign --key db.key --cert db.crt --output memtest64-6.10.efi memtest.efi
    I then copied it to my boot partition and added it into my EFI boot menu:
    Code:
    efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "memtest64+ 6.10" --loader \memtest64-6.10.efi
    Rebooted and it works like a charm. Though I currently use a different set of secure boot keys for each of my computers. It would probably make more sense to standardize on one set of keys.
    Good to know. Public comments mentioned that beta-testing on hundreds of motherboard models had produced excellent results, which does not mean that no UEFI implementation can ever possibly reject the binary, but indicates that the number of failures isn't expected to be significant.

    Originally posted by Chugworth View Post
    Motherboards ship with the Windows secure boot keys, which is why distributions like Ubuntu go through Microsoft to make things easy. Otherwise you need to create your own keys that you will use to self-sign and import them into the EFI. I don't think memtest is using the Microsoft keys so you will need to self-sign it.
    Right, release binaries for memtest86+ are not (yet ?) signed with Microsoft's key. Per https://github.com/memtest86plus/mem...iscussions/253 , the 6.10 release was cut now, so as to raise the probability than Debian 12 onwards, and other distros released starting from 2023, can integrate an official release with Secure Boot capability.

    Originally posted by Chugworth View Post
    If you're talking about Memtest86 (without the plus), that's not open source and is signed with the Microsoft secure boot key.

    Indeed. Passmark's proprietary, commercial memory tester (whose no-cost version has a number of limitations, e.g. only 16 cores supported, which remains enough for most consumer PCs but is increasingly inadequate in the HEDT and server range) has supported Secure Boot and been signed with Microsoft's key for years​.​​
    Last edited by debrouxl; 04 February 2023, 04:37 AM.

    Leave a comment:

  • Chugworth
    replied
    Originally posted by openminded View Post
    There's another memtest-86 tool which has been working with Secure Boot for over a year now.
    If you're talking about Memtest86 (without the plus), that's not open source and is signed with the Microsoft secure boot key.
    • Likes 8

    Leave a comment:

  • openminded
    replied
    There's another memtest-86 tool which has been working with Secure Boot for over a year now.

    Leave a comment:

  • ranixon
    replied
    Originally posted by antnythr View Post
    Random question: Do developers need to go through Microsoft to make their distros compatible with Secure Boot?
    Yes and no. If you want to use the Microsft Keys, you have to go through Microsft, but you can always make and sign with you own keys
    • Likes 3

    Leave a comment:

  • Chugworth
    replied
    Interesting. I already use self-signed secure boot with my Arch installs, so I just ran the same command to sign memtest:
    Code:
    sbsign --key db.key --cert db.crt --output memtest64-6.10.efi memtest.efi
    I then copied it to my boot partition and added it into my EFI boot menu:
    Code:
    efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "memtest64+ 6.10" --loader \memtest64-6.10.efi
    Rebooted and it works like a charm. Though I currently use a different set of secure boot keys for each of my computers. It would probably make more sense to standardize on one set of keys.

    Originally posted by antnythr View Post
    Random question: Do developers need to go through Microsoft to make their distros compatible with Secure Boot?
    Motherboards ship with the Windows secure boot keys, which is why distributions like Ubuntu go through Microsoft to make things easy. Otherwise you need to create your own keys that you will use to self-sign and import them into the EFI. I don't think memtest is using the Microsoft keys so you will need to self-sign it.
    • Likes 9

    Leave a comment:

  • antnythr
    replied
    Random question: Do developers need to go through Microsoft to make their distros compatible with Secure Boot?
    • Likes 7

    Leave a comment:

  • debrouxl
    replied
    Exactly, when the binary is signed (by an OS distro, or the user) using a key whose corresponding validation key is part of the target computer's MOK.
    • Likes 7

    Leave a comment:

  • MorrisS.
    replied
    So, will be possible to run the test with secure boot enabled.
    Last edited by MorrisS.; 04 February 2023, 04:42 PM.
    • Likes 6

    Leave a comment:

  • phoronix
    started a topic memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI

    memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI

    Phoronix: memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI

    Last October marked the release of memtest86+ 6.0 as the first major update to this bootable, open-source RAM testing software in nearly a decade. The memtest86+ 6.0 release marked a rewrite of the software while out today is the first update to that widely-used RAM testing software...

    memtest86+ 6.10 Released With UEFI Secure Boot Signing, Headless EFI - Phoronix
    https://www.phoronix.com/news/memtest86-plus-6.10
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
    • Likes 4
Previous 1 2 template Next
Working...
X