SCIENTIFIC-LINUX-USERS Archives

February 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Installing on a new laptop
From:
Tom H <[log in to unmask]>
Reply To:
Tom H <[log in to unmask]>
Date:
Thu, 28 Feb 2013 14:56:16 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (17 lines) 
On Thu, Feb 28, 2013 at 2:38 PM, Robert Blair <[log in to unmask]> wrote:
> On 02/28/2013 01:35 PM, Tom H wrote:
>>
>> I wouldn't be surprised if SB became "un-disable-able" in the next
>> few years. We'd then have to use an MS-signed shim to boot, as is
>> now the case with the default Fedora and Ubuntu SB setups.
>
> Maybe I've missed something here. If a generic "MS signed shim" is
> available what value does this add? Wouldn't such a shim make booting
> anything alternative possible?

I'm sorry. It's not as generic as I made it look. AIUI, the shim is a
basic stage 1 (or maybe stage 0.5) bootloader whose signature's
validated against an MS key in the computer's ROM. Grub and the kernel
(and its modules in Fedora's case but not in Ubuntu's) are then
validated against a Fedora key in the shim.

ATOM RSS1 RSS2