The Linux Kernel to lockdown UEFI Secure Boot


Post by michael louwe » Fri Mar 02, 2018 2:33 am

https://www.phoronix.com/scan.php?page= ... kdown-2018 (1 March 2018 - The Linux Kernel Prepares To Be Further Locked Down When Under UEFI Secure Boot)

M$ controls UEFI Secure Boot for most users through the certificate-signing requirement for EFI bootloaders. Now Red Hat wants to add to this control by blocking the editing of kernel boot parameters, e.g. the nomodeset parameter that fixes boot problems for proprietary Nvidia and AMD graphics cards.
....... Remember, both M$ and Red Hat have enterprises as their cash cows = they do not really care about ordinary consumers or computer dummies.

For the launch of Win 10 in 2015, M$ "decreed" that it was up to the OEMs whether they wanted to allow Secure Boot to be disabled in their new Win 10 computers. Acer has done this since late 2017 ...
Certain OEM Win 8.x/10 computers, e.g. Acer, Asus and HP, have an obstructive or pro-M$ UEFI-BIOS setting for "select an UEFI file as trusted for executing" (= Linux cannot boot). For the fix, please refer to ... https://itsfoss.com/no-bootable-device-found-ubuntu/
viewtopic.php?t=236560

The above latest (= 2017) OEM laptops, e.g. Acer E and S series, may have even removed this UEFI-BIOS setting (e.g. "No bootable device" after installing Linux and cannot be fixed), but may be restored by a new BIOS firmware update from the OEMs = update through Windows only. This was after many complaints from affected users. ... viewtopic.php?f=46&t=254948
... Another workaround is ... https://askubuntu.com/questions/862946/ ... re-es1-533
Remember, the OEMs are under the thumb of M$ = will likely not allow Secure Boot to be disabled in new Win 10 computers.

From 2020, Intel will disallow Legacy BIOS in their processors.
