Gentoo Archives: gentoo-dev

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 00:24:47
Message-Id: pan.2012.06.17.00.23.21@cox.net
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by Matthew Summers
1 Matthew Summers posted on Sat, 16 Jun 2012 18:52:31 -0500 as excerpted:
2
3 > Pardon my ignorance, but will we be requires to sign the boot
4 > loader/kernel on our install media for a Win8 machine to boot the iso?
5
6 This was one of the issues covered early on. Unless it has changed, no.
7 Booting external media (at least optical, not sure about USB-mass-
8 storage, etc) bypasses the required signing, so that much, at least,
9 should be safe.
10
11 An initial proposal in fact would have required booting optical media in
12 ordered to disable the sig-checks, etc, but AFAIK that was deemed too
13 disruptive, particularly for netbooks and etc that don't normally have
14 built-in optical media at all.
15
16 It's worth noting that EFI can switch back to legacy mode for such
17 things, and it's possible this exception is connected to el-torrito
18 optical disk booting, tho I'm not sure on that. That's why I've
19 specified optical, above. Direct-partitioned and bootable USB media may
20 not be included. I'm sure GKH or others who have been following it
21 closer can fill in the details.
22
23 --
24 Duncan - List replies preferred. No HTML msgs.
25 "Every nonfree program has a lord, a master --
26 and if you use the program, he is your master." Richard Stallman