I am like a lot of other people concerned about privacy, it almost became an obsession at some point.
I know free sofware does not support secure boot[1] shall I been concerced about this? Is it supported by some packages?
[1]https://fsfe.org/campaigns/generalpurpo ... is.en.html
secure boot
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
secure boot
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: secure boot
Out of the box, Linux Mint does not yet work with secure boot. You can disable secure boot in your computer's UEFI, which you can access as you start your computer. Your computer manual will have more information for doing that. Computers that come preloaded with Windows 8 will have secure boot enabled by default, older computers are unlikely to have secure boot enabled (or have it at all).
Re: secure boot
There are definitely open source programs, and entire Linux distributions, that do support Secure Boot. The two individual programs available at the moment are:
In the long run, Secure Boot is likely to be nothing more than an annoying bump in the road for Linux; distributions are already beginning to include Secure Boot support (although Mint doesn't yet do so), and with a good implementation, you might not even realize that you're using Secure Boot unless you need to do something advanced like compile your own kernel. As the tools mature, Secure Boot will become more transparent even to such advanced operations.
- Shim -- This program was developed by Matthew Garrett at Red Hat and is currently used by Ubuntu 12.10 and Fedora 18 (although Ubuntu's version is older and less flexible). Shim works by doing its own Secure Boot checks using cryptographic signatures, similar to the way secure Web sites work. EFI boot loaders, and often kernels, must be signed with a cryptographic key in order to be booted.
- PreBootloader -- This program was written by James Bottomley of the Linux Foundation. AFAIK, it's not currently used by any Linux distribution. It works by enabling the end user to manually add CRCs of binaries to a "whitelist" of programs that are approved. This is simpler for an individual to do than the signing used by shim, but it requires the end user to take that action once for each binary, unlike shim, which can be configured in a way that requires no special actions on the part of the user.
In the long run, Secure Boot is likely to be nothing more than an annoying bump in the road for Linux; distributions are already beginning to include Secure Boot support (although Mint doesn't yet do so), and with a good implementation, you might not even realize that you're using Secure Boot unless you need to do something advanced like compile your own kernel. As the tools mature, Secure Boot will become more transparent even to such advanced operations.