On 02/20/2018 03:41 AM, Tom H wrote:
Ubuntu's using an MS sig. The difference between Fedora and Ubuntu is that the latter doesn't require that kernel modules be signed.
If that's true, then I think they're in violation of the secure boot rules. And even if not, it makes secure boot ineffective anyway.
AFAIK, "shim" is signed by MS (and is validated by an MS-supplied and -signed "thingy" in the firmware) and it embeds the Fedora sig with which grub, the kernel, and the kernel modules are signed and validated.
Correct. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
