Gentoo Archives: gentoo-dev

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 00:24:47
Message-Id: pan.2012.06.17.00.23.21@cox.net
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by Matthew Summers
Matthew Summers posted on Sat, 16 Jun 2012 18:52:31 -0500 as excerpted:

> Pardon my ignorance, but will we be requires to sign the boot > loader/kernel on our install media for a Win8 machine to boot the iso?
This was one of the issues covered early on. Unless it has changed, no. Booting external media (at least optical, not sure about USB-mass- storage, etc) bypasses the required signing, so that much, at least, should be safe. An initial proposal in fact would have required booting optical media in ordered to disable the sig-checks, etc, but AFAIK that was deemed too disruptive, particularly for netbooks and etc that don't normally have built-in optical media at all. It's worth noting that EFI can switch back to legacy mode for such things, and it's possible this exception is connected to el-torrito optical disk booting, tho I'm not sure on that. That's why I've specified optical, above. Direct-partitioned and bootable USB media may not be included. I'm sure GKH or others who have been following it closer can fill in the details. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman