:: Re: [DNG] ..another new(?) step tow…
Top Page
Delete this message
Reply to this message
Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] ..another new(?) step towards Debian systemd: linux-image-4.6.0-1[-rt]-amd-signed, with MSTF keys...
On Sun, 12 Jun 2016 18:00:13 +0200
Edward Bartolo <edbarx@???> wrote:

> Hi,
>
> In line with: <<
> That way only the big distros will be able to provide a bootable OS
> and the poor DIY guy will be definitely disgusted. This EFI thingy
> will in no way improve the security. It is a pure fallacy.
>
>     We can survive as long as the BIOS allows non-EFI boot. I hope
> they will be forced by law to keep this option.

> >>
>
> I have been 'told' that any kernel can still be booted under UEFI
> Secure Boot. This was told to me on forurms.debian.net. The respondent
> insisted any kernel can be booted even custom compiled ones.
>
> Refer to forums.debian.net thread:
> http://forums.debian.net/viewtopic.php?p=609579&sid=c65ab3dc5f980e0c1f79b7b7a5116511#p609579
>
> Edward


Hi Edward,

How can I put this politely? Let's try this...

Most of those remaining in the Debian user world are pure idiots.
They'll pull any old pseudofact out of thin air, and state it as an
absolute truth.

Notice that his web reference's date is October 2012. Last time I
googled this subject (probably 9 months ago), DIY secure boot
overrides, whether involving this Linux Foundation hack or not, were
much more complex than installing Gentoo. They had more steps than an
Arch chroot install. They were a mess.

I've seen no distro-independent way to defeat secure-boot that was
simple enough for a power user: A guy who can install his own software
via ./configure;make;make install, configure his applications, change
window managers, etc, but is not a professional admin.

SteveT


SteveT

Steve Litt
June 2016 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb