On Mon, Jul 15, 2024 at 6:48 AM George N. White III <gnw...@gmail.com> wrote: > > On Sun, Jul 14, 2024 at 5:50 AM François Patte > <francois.pa...@mi.parisdescartes.fr> wrote: >> [...] >> I have secure boot enabled. >> >> Is there some how-to explaining with details how to proceed. I'm not >> very good with efi boot system nor secure boot. > > You should know that secure boot as implemented in most linux distros is > "security theater".
Another complaint about Trusted Execution Environments and Secure Boot is, they only make a statement/attestation about the system in the past. A system with resident malware exploited after boot will still report Ok. > Extra work is needed when initread and kernel are separate, > and /boot should be encrypted: > <https://ruderich.org/simon/notes/secure-boot-with-grub-and-signed-linux-and-initrd> > The existing Fedora secure boot configuration may offer some protection for > those > who also boot Windows. Jeff -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
